CVE-2026-26369
CRITICAL 9.8
Description
eNet SMART HOME server 2.2.1 and 2.3.1 contains a privilege escalation vulnerability due to insufficient authorization checks in the setUserGroup JSON-RPC method. A low-privileged user (UG_USER) can send a crafted POST request to /jsonrpc/management specifying their own username to elevate their account to the UG_ADMIN group, bypassing intended access controls and gaining administrative capabilities such as modifying device configurations, network settings, and other smart home system functions.
CVE Details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 2/15/2026
Last modified: 2/28/2026
Source: nvd
Honeypot observations: 0
Affected products
jung-group:enet_smart_home
Weaknesses (CWE)
CWE-269
References
https://www.vulncheck.com/advisories/jung-enet-smart-home-server-privilege-escalation-v (disclosure@vulncheck.com)
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5975.php (disclosure@vulncheck.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.