CVE-2026-36537: n/a
ThingsBoard version 4.3.0.1 contains an authentication bypass vulnerability in the OAuth authorization code exchange process. The application improperly trusts user-supplied identity data in the user parameter at the /login/oauth2/code/ endpoint. By manipulating the email address in this JSON object, an attacker can bypass authentication and gain full access to any existing user account without needing the user's credentials, resulting in complete account takeover.
AI Analysis (machine-generated threat intelligence)
Technical Summary
ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization code exchange due to improper validation of user-supplied identity data within the user parameter of the /login/oauth2/code/ endpoint. This flaw allows a remote attacker to manipulate the email address in the JSON object to bypass authentication controls and gain full access to any user account on the platform without possessing valid credentials, effectively enabling complete account takeover.
Potential Impact
An attacker can bypass authentication and gain full access to any existing user account on the ThingsBoard platform, leading to complete account takeover. This compromises the confidentiality and integrity of user accounts and potentially any data or operations accessible through those accounts.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or temporary mitigation has been documented at this time.
Affected software
pkg:maven/org.thingsboard/thingsboard
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2026-04-06T00:00:00.000Z
- CVSS Version: null
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a3052d90b89be6888826e97
Added to database: 6/15/2026, 7:30:33 PM
Last enriched: 6/15/2026, 8:16:16 PM
Last updated: 6/16/2026, 5:01:11 AM