CVE-2026-50089— Aqara IAM/SSO Gateway open redirect
Possible ATT&CK Techniques 1AI
T1566.002 · Spearphishing LinkAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Aqara | Aqara IAM/SSO Gateway | 2026-04-20< 0 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-50089
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Aqara IAM/SSO Gateway open redirect
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Aqara IAM/SSO Gateway (gw-builder.aqara.com) provides an open redirect, which is an instance of "CWE-601: URL Redirection to Untrusted Site," with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (6.1 Medium), which can be used to set up a phishing attack.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
指向未可信站点的URL重定向(开放重定向)
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Aqara | Aqara IAM/SSO Gateway | 2026-04-20 ~ 0 | - |
II. Public POCs for CVE-2026-50089
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-50089
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-50089 (1)
Proof of Concept for CVE-2026-50089 (1)
Same Patch Batch · Aqara · 2026-06-12 · 10 CVEs total
| CVE-2026-50086 | 10.0 CRITICAL | Aqara unauthenticated AES oracle |
| CVE-2026-50084 | 9.6 CRITICAL | Aqara API cross-account access |
| CVE-2026-50090 | 9.3 CRITICAL | Aqara OAuth redirect_uri validation bypass |
| CVE-2026-50083 | 9.1 CRITICAL | Aqara hardcoded OAuth client credentials |
| CVE-2026-50091 | 9.1 CRITICAL | Aqara Home Android SDK hardcoded keys |
| CVE-2026-50085 | 8.6 HIGH | Aqara Board IoT insecure debug API |
| CVE-2026-50087 | 8.2 HIGH | Aqara IAM/SSO Gateway cross-origin resource sharing |
| CVE-2026-50088 | 8.2 HIGH | Aqara Developer Portal cross-origin resource sharing |
| CVE-2026-50082 | 6.5 MEDIUM | Aqara Developer Portal insecure authentication token |
IV. Related Vulnerabilities
Same vendor: Aqara
Same weakness: CWE-601
- CVE-2026-53523
Nezha Monitoring: OAuth2 Redirect URL — Host Header Injectio - CVE-2026-46616
Umbraco.Cms: Open Redirect Vulnerability in Surface Controll - CVE-2026-45566
Roxy-WI: Open redirect on /login?next= via basic-auth userin - CVE-2026-48856
httpc leaks Authorization header to cross-origin redirect ta - CVE-2026-41706
Open Redirect When Using CookieRequestCache
V. Comments for CVE-2026-50089
No comments yet