What is CVE-2026-41446?

CVE-2026-41446 is a critical-severity vulnerability in Snap One, Llc Wattbox 800, classified under Use of Hard-coded Credentials. CVSS score: 9.8/10. Published 2026-04-28.

How severe is CVE-2026-41446?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Vulnerability in Snap One, Llc Wattbox 800

CVE-2026-41446

Snap One WattBox 800 and 820 series firmware versions prior to 2.10.0.0 contain undisclosed diagnostic HTTP endpoints that require only the device MAC address and service tag for authentication, both of which are printed in plaintext on th…

EPSS: 0.001 (26.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Snap One, Llc Wattbox 800 — versions 0
Snap One, Llc Wattbox 820 — versions 0

Weakness classification (CWE)

CWE-798 — Use of Hard-coded Credentials
CWE-912 — Hidden Functionality

References

disclosure@vulncheck.com (release-notes, patch)

Frequently asked questions

What is CVE-2026-41446?: CVE-2026-41446 is a critical-severity vulnerability in Snap One, Llc Wattbox 800, classified under Use of Hard-coded Credentials. CVSS score: 9.8/10. Published 2026-04-28.
How severe is CVE-2026-41446?: Critical severity. CVSS v3 base score is 9.8 out of 10.