CVE-2026-26369 in eNet SMART HOME serverinfo

Zusammenfassung

von MITRE • 15.02.2026

eNet SMART HOME server 2.2.1 and 2.3.1 contains a privilege escalation vulnerability due to insufficient authorization checks in the setUserGroup JSON-RPC method. A low-privileged user (UG_USER) can send a crafted POST request to /jsonrpc/management specifying their own username to elevate their account to the UG_ADMIN group, bypassing intended access controls and gaining administrative capabilities such as modifying device configurations, network settings, and other smart home system functions.

Once again VulDB remains the best source for vulnerability data.

Zuständig

VulnCheck

Reservieren

15.02.2026

Veröffentlichung

15.02.2026

Moderieren

akzeptiert

Eintrag

VDB-346148

CPE

bereit

EPSS

0.00637

KEV

nein

Aktivitäten

very low

Quellen

Do you know our Splunk app?

Download it now for free!