CVE-2026-50086: CWE-327: Use of a Broken or Risky Cryptographic Algorithm in Aqara Aqara IAM/SSO Gateway
The Aqara IAM/SSO gateway (gw-builder.aqara.com) exposes bidirectional AES round-trups against the platform's signing key without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and "CWE-327: Use of a Broken or Risky Cryptographic Algorithm," and has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (7.5 High).
AI Analysis
Technical Summary
CVE-2026-50086 describes a critical vulnerability in the Aqara IAM/SSO Gateway where bidirectional AES round-trups against the platform's signing key are exposed without requiring authentication. This constitutes both a missing authentication for a critical function (CWE-306) and the use of a broken or risky cryptographic algorithm (CWE-327). The vulnerability allows an attacker to interact with cryptographic operations that should be protected, potentially compromising confidentiality, integrity, and availability. The CVSS 3.1 vector indicates network attack vector, low attack complexity, no privileges or user interaction required, with scope changed and high impact on confidentiality, integrity, and availability.
Potential Impact
An unauthenticated attacker can exploit this vulnerability to perform cryptographic operations against the platform's signing key, potentially leading to full compromise of confidentiality, integrity, and availability of the affected system. The critical CVSS score of 10 reflects the severity and ease of exploitation over the network without any privileges or user interaction.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or vendor advisory is provided at this time. Until a patch is available, restrict network access to the Aqara IAM/SSO Gateway to trusted entities only and monitor for suspicious activity related to cryptographic operations.
CVE-2026-50086: CWE-327: Use of a Broken or Risky Cryptographic Algorithm in Aqara Aqara IAM/SSO Gateway
Description
The Aqara IAM/SSO gateway (gw-builder.aqara.com) exposes bidirectional AES round-trups against the platform's signing key without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and "CWE-327: Use of a Broken or Risky Cryptographic Algorithm," and has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (7.5 High).
CVSS v3.1
Score 10.0critical
Affected software
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-50086 describes a critical vulnerability in the Aqara IAM/SSO Gateway where bidirectional AES round-trups against the platform's signing key are exposed without requiring authentication. This constitutes both a missing authentication for a critical function (CWE-306) and the use of a broken or risky cryptographic algorithm (CWE-327). The vulnerability allows an attacker to interact with cryptographic operations that should be protected, potentially compromising confidentiality, integrity, and availability. The CVSS 3.1 vector indicates network attack vector, low attack complexity, no privileges or user interaction required, with scope changed and high impact on confidentiality, integrity, and availability.
Potential Impact
An unauthenticated attacker can exploit this vulnerability to perform cryptographic operations against the platform's signing key, potentially leading to full compromise of confidentiality, integrity, and availability of the affected system. The critical CVSS score of 10 reflects the severity and ease of exploitation over the network without any privileges or user interaction.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or vendor advisory is provided at this time. Until a patch is available, restrict network access to the Aqara IAM/SSO Gateway to trusted entities only and monitor for suspicious activity related to cryptographic operations.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- runZero
- Date Reserved
- 2026-06-03T14:25:34.982Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a2c2839e617e2d83487dabb
Added to database: 6/12/2026, 3:39:37 PM
Last enriched: 6/12/2026, 3:54:51 PM
Last updated: 6/13/2026, 7:00:46 AM
Views: 12
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.