What is CVE-2026-50085?

CVE-2026-50085 is a high-severity vulnerability, classified under Missing Authentication for Critical Function. CVSS score: 8.6/10. Published 2026-06-12.

How severe is CVE-2026-50085?

High severity. CVSS v3 base score is 8.6 out of 10.

CVE-2026-50085

CVE-2026-50085

The Aqara Board service (op-test.aqara.com) accepts arbitrary MQTT command payloads, and forwards them to the platfom's HiveMQ broker without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" an…

Vulnerability class: Broken Authentication

CVSS v3 metric

CVSS v3 base score 8.6 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L.

Weakness classification (CWE)

CWE-306 — Missing Authentication for Critical Function

References

44488dab-36db-4358-99f9-bc116477f914
44488dab-36db-4358-99f9-bc116477f914

Frequently asked questions

What is CVE-2026-50085?: CVE-2026-50085 is a high-severity vulnerability, classified under Missing Authentication for Critical Function. CVSS score: 8.6/10. Published 2026-06-12.
How severe is CVE-2026-50085?: High severity. CVSS v3 base score is 8.6 out of 10.