Browse all 5 CVE security advisories affecting latchset. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Latchset is a physical access control system securing entry points in commercial and residential properties. Historically, it has faced vulnerabilities including remote code execution, authentication bypass, and privilege escalation, often stemming from insecure default configurations and firmware flaws. The system typically connects to networks via cloud services, creating potential attack vectors for unauthorized access. While no major public incidents have been widely documented, its five CVE records indicate persistent security concerns, particularly around weak encryption and improper input validation. Organizations implementing latchset should prioritize regular firmware updates and network segmentation to mitigate risks associated with these known vulnerabilities.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-39373 | JWCrypto: JWE ZIP decompression bomb — jwcryptoCWE-409 | 5.3 | Medium | 2026-04-07 |
| CVE-2024-28102 | JWCrypto vulnerable to JWT bomb Attack in `deserialize` function — jwcryptoCWE-770 | 6.8 | Medium | 2024-03-06 |
This page lists every published CVE security advisory associated with latchset. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.