CVE-2026-50108
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk34th percentile - higher than 34% of all known CVEs
Summary
The Naxclow platform API that returns device relay registration details exposes a persistent credential without verifying that the requester is the legitimate device or owner. An actor able to present a platform-valid request signature can retrieve credentials for arbitrary devices and register on the relay as that device.
Risk Assessment
The risk to the organization involves the potential for interception and disruption of device communications, which could lead to data loss or system integrity breaches.
Recommendation
It is recommended to implement additional identity verification mechanisms for requesters to prevent unauthorized access to device credentials.
Original NVD description (English source)
The Naxclow platform API that returns device relay registration details exposes a persistent credential without verifying that the requester is the legitimate device or owner. An actor able to present a platform-valid request signature can retrieve credentials for arbitrary devices and register on the relay as that device, enabling interception and disruption of its communications.

