Browse all 3 CVE security advisories affecting edgexfoundry. AI-powered Chinese analysis, POCs, and references for each vulnerability.
EdgeX Foundry operates as an open-source IoT edge computing platform enabling device management and data processing at the network's edge. Historically, the project has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and authentication flaws. While no major security incidents have been widely documented, the platform's distributed architecture and third-party integrations present potential attack surfaces. With three CVEs currently recorded, security remains a focus area as the project continues to evolve in complex IoT environments.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2022-31066 | Configuration API in EdgeXFoundry exposes message bus credentials to local unauthenticated users | edgex-go | CWE-200 | 5.9 | Medium | 2022-06-14 |
| CVE-2021-41278 | Broken encryption in app-functions-sdk “AES” transform in EdgeX Foundry releases prior to Jakarta allows attackers to decrypt messages via unspecified vectors | app-functions-sdk-go | CWE-327 | 7.5 | - | 2021-11-18 |
| CVE-2021-32753 | Weak password in API gateway in EdgeX Foundry Edinburgh, Fuji, Geneva, and Hanoi releases allows remote attackers to obtain authentication token via dictionary-based password attack when OAuth2 authentication method is enabled. | edgex-go | CWE-284 | 8.3 | High | 2021-07-09 |
This page lists every published CVE security advisory associated with edgexfoundry. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.