CVE-2026-6411— MAXHUB Pivot Client Application Use of a Broken or Risky Cryptographic Algorithm

CVSS 7.3 · High EPSS 0.03% · P7 Updated May 08, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-6411

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

MAXHUB Pivot Client Application Use of a Broken or Risky Cryptographic Algorithm

Source: NVD (National Vulnerability Database)

Vulnerability Description

This vulnerability, in the MAXHUB Pivot client application versions prior to v1.36.2, may allow an attacker to obtain encrypted tenant email addresses and related metadata from any tenant. Due to the presence of a hardcoded AES key within the application, the encrypted data can be decrypted, enabling access to tenant email addresses and associated information in cleartext. Furthermore, an attacker may be able to cause a denial-of-service condition by enrolling multiple unauthorized devices into a tenant via MQTT, potentially disrupting tenant operations.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Source: NVD (National Vulnerability Database)

Vulnerability Type

使用已被攻破或存在风险的密码学算法

Source: NVD (National Vulnerability Database)

Vulnerability Title

MAXHUB Pivot client application 加密问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

MAXHUB Pivot client application是MAXHUB公司的一个设备管理平台的客户端组件。 MAXHUB Pivot client application 1.36.2之前版本存在加密问题漏洞，该漏洞源于应用内硬编码AES密钥，可能导致攻击者解密加密的租户邮箱地址及相关元数据，并可能通过MQTT注册多个未授权设备导致拒绝服务。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
MAXHUB	MAXHUB Pivot client application	0 ~ 1.36.2	-

II. Public POCs for CVE-2026-6411

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-6411

请登录查看更多情报信息。

IV. Related Vulnerabilities

Same vendor: MAXHUB

CVE-2025-53704
MAXHUB Pivot Weak Password Recovery Mechanism for Forgotten

Same weakness: CWE-327

V. Comments for CVE-2026-6411

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-6411— MAXHUB Pivot Client Application Use of a Broken or Risky Cryptographic Algorithm

I. Basic Information for CVE-2026-6411

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-6411

III. Intelligence Information for CVE-2026-6411

IV. Related Vulnerabilities

V. Comments for CVE-2026-6411

Leave a comment