CVE-2026-50089
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk4th percentile - higher than 4% of all known CVEs
Summary
The Aqara IAM/SSO Gateway (gw-builder.aqara.com) contains an open redirect vulnerability (CWE-601), allowing an attacker to redirect users to an external malicious site. The estimated CVSS score is 6.1 (Medium).
Risk Assessment
The risk involves the possibility of a phishing attack where a victim, upon clicking a link, is redirected to a fake site, potentially leading to theft of login credentials or other sensitive information.
Recommendation
Immediately update the Aqara IAM/SSO Gateway to the latest version that fixes the open redirect vulnerability. Until the update is applied, implement URL validation mechanisms for redirects.
Original NVD description (English source)
The Aqara IAM/SSO Gateway (gw-builder.aqara.com) provides an open redirect, which is an instance of "CWE-601: URL Redirection to Untrusted Site," with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (6.1 Medium), which can be used to set up a phishing attack.

