The vulnerability CVE-2026-27181 affects MajorDoMo, an open-source home automation system developed by sergejey. The core issue lies in the market module's admin() method, which reads the 'mode' parameter from HTTP request variables ($_REQUEST) and assigns it to an internal variable without any authentication or authorization checks. This design flaw allows unauthenticated users to access all mode-gated functionalities, including the 'uninstall' mode. When triggered, the uninstall mode handler calls uninstallPlugin(), which performs several destructive actions: it deletes the module's database records, executes the module's uninstall() method via eval(), recursively removes the module's directory and template files using removeTree(), and deletes any associated cycle scripts. Because the endpoint is accessible via unauthenticated GET requests to /objects/?module=market, an attacker can script a series of requests to uninstall multiple or all modules, effectively wiping the entire MajorDoMo installation. The vulnerability requires no privileges, no user interaction, and has a low attack complexity, resulting in a CVSS 4.0 score of 8.7 (high severity). This vulnerability compromises system integrity and availability, potentially rendering the automation platform inoperable and causing significant disruption to dependent services.

For European organizations relying on MajorDoMo for smart home or building automation, this vulnerability poses a critical risk to operational continuity. Successful exploitation results in complete removal of installed modules, leading to loss of automation functionality, disruption of critical building management systems, and potential safety hazards if security or environmental controls are affected. The integrity of the system is compromised as attackers can execute arbitrary uninstall scripts, possibly leading to further malicious actions. Availability is severely impacted as the platform may become non-functional until restored. Organizations may face downtime, increased operational costs, and reputational damage. Additionally, if MajorDoMo is integrated with other systems, cascading failures or data inconsistencies could occur. Given the unauthenticated nature of the exploit, any exposed MajorDoMo instance accessible from the internet or untrusted networks is at immediate risk.

1. Immediately restrict access to the /objects/?module=market endpoint by implementing network-level controls such as firewall rules or VPN requirements to limit access to trusted administrators only. 2. Deploy web application firewalls (WAFs) with custom rules to detect and block requests containing the 'mode=uninstall' parameter or suspicious module uninstallation patterns. 3. Monitor web server logs for unusual GET requests targeting the market module, especially those attempting to uninstall modules. 4. Apply vendor patches or updates as soon as they become available to fix the authorization bypass. 5. If patching is not immediately possible, consider disabling or removing the market module temporarily to prevent exploitation. 6. Implement strong authentication and authorization mechanisms for all administrative endpoints to prevent unauthenticated access. 7. Regularly back up MajorDoMo configurations and modules to enable rapid recovery in case of compromise. 8. Conduct internal audits to identify exposed MajorDoMo instances and remediate exposure to untrusted networks. 9. Educate administrators about this vulnerability and the importance of securing management interfaces.