CVE-2026-50085

HIGH 8.6

Aqara Board IoT insecure debug API

CVSS Score

8.6

EPSS Score

0.0%

EPSS Percentile

0th

The Aqara Board service (op-test.aqara.com) accepts arbitrary MQTT command payloads, and forwards them to the platfom's HiveMQ broker without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and has an estimated CVSS ofCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L (8.6 High). When combined with CVE-2026-50082, CVE-50083, and CVE-50084, this can lead to a fully unauthenticated, remote takeover of affected devices.

CWE	CWE-306
Vendor	aqara
Product	board service
Published	Jun 12, 2026
Last Updated	Jun 12, 2026

Stay Ahead of the Next One

Get instant alerts for aqara board service

Be the first to know when new high vulnerabilities affecting aqara board service are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

High

Availability

Low

Affected Versions

Aqara / Board service

2026-04-20 < 0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/xn0tsa/theres-no-place-like-home runzero.com: https://www.runzero.com/advisories/aqara-board-iot-insecure-debug-api-cve-2026-50085

Credits

Sammy Azdoufal Tod Beardsley of runZero, Inc.