CVE-2026-50091

Published: Giu 12, 2026 Last Modified: Giu 12, 2026

ExploitDB:

Other exploit source:

Google Dorks:

CRITICAL 9,1

Source: 44488dab-36db-4358-99f9-bc116477f914

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: none

Description

AI Translation Available

Aqara Home Android (com.lumiunited.aqarahome) 6.0.0 (and white-label clients embedding the same liblumidevsdk.so) uses hard-coded cryptographic keys, which is an instance of 'CWE-321: Use of Hard-coded Cryptographic Key' and has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N (9.1 Critical).

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0003

Percentile

0,1th

Updated

EPSS Score Trend (Last 5 Days)

321

Use of Hard-coded Cryptographic Key

Draft

Abstraction: Variant Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control

Potential Impacts:

Bypass Protection Mechanism Gain Privileges Or Assume Identity Read Application Data

Applicable Platforms

Technologies: ICS/OT

Likelihood of Exploit: High

View CWE Details

https://github.com/xn0tsa/theres-no-place-like-home

https://www.runzero.com/advisories/aqara-hardcoded-sdk-keys…

https://www.runzero.com/advisories/aqara-hardcoded-sdk-keys-cve-2026-50091

CVE-2026-50091

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 5 Days)

Use of Hard-coded Cryptographic Key

Common Consequences

Applicable Platforms

Iscriviti alla newsletter