CVE-2026-26366 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: February 15, 2026
eNet SMART HOME - Authentication Bypass
Overview
eNet SMART HOME server 2.2.1 and 2.3.1 contains a broken authentication caused by default credentials remaining active without mandatory password change, letting unauthenticated attackers gain administrative access.
Severity & Score
Impact
Unauthenticated attackers can gain administrative access to smart home configurations, risking full control over the system.
Mitigation
Change default credentials immediately and enforce mandatory password changes after installation.
References
Social Media Activity(2 posts)
🚩 CVE-2026-26366: JUNG eNet SMART HOME servers (2.2.1/2.3.1) keep default creds active, allowing remote admin access (CRITICAL, CVSS 9.3). Change all passwords, segment networks, monitor access! https://radar.offseq.com/threat/cve-2026-26366-use-of-default-credentials-in-jung--23983d02 #OffSeq #IoTSecurity #CVE #SmartHome
View original post
🚩 CVE-2026-26366: JUNG eNet SMART HOME servers (2.2.1/2.3.1) keep default creds active, allowing remote admin access (CRITICAL, CVSS 9.3). Change all passwords, segment networks, monitor access! https://radar.offseq.com/threat/cve-2026-26366-use-of-default-credentials-in-jung--23983d02 #OffSeq #IoTSecurity #CVE #SmartHome
View original postRelated Resources
Details
- CVE ID
- CVE-2026-26366
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- broken_authentication
- Status
- new
- EPSS
- 0.0%
- Social Posts
- 2
CWE
- CWE-1392
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H