CVE Catalog

CVE-2026-50108

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.42%

34th percentile - higher than 34% of all known CVEs

Summary

The Naxclow platform API that returns device relay registration details exposes a persistent credential without verifying that the requester is the legitimate device or owner. An actor able to present a platform-valid request signature can retrieve credentials for arbitrary devices and register on the relay as that device.

Risk Assessment

The risk to the organization involves the potential for interception and disruption of device communications, which could lead to data loss or system integrity breaches.

Recommendation

It is recommended to implement additional identity verification mechanisms for requesters to prevent unauthorized access to device credentials.

Original NVD description (English source)

The Naxclow platform API that returns device relay registration details exposes a persistent credential without verifying that the requester is the legitimate device or owner. An actor able to present a platform-valid request signature can retrieve credentials for arbitrary devices and register on the relay as that device, enabling interception and disruption of its communications.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS