CVE-2026-26368 - Vulnerability Analysis
High | CVSS: 8.8 | Last Updated: February 15, 2026
eNet SMART HOME - Broken Access Control
Overview
eNet SMART HOME server 2.2.1 and 2.3.1 contain a broken access control vulnerability caused by missing authorization in the resetUserPassword JSON-RPC method. It lets authenticated low-privileged users reset the passwords of arbitrary accounts, including admins. Exploitation requires an authenticated low-privileged user.
Impact
Authenticated low-privileged users can take over any account including admins, leading to full administrative access and persistent privilege escalation.
Mitigation
Update to the latest version that patches this vulnerability.
Social Media Activity (2 posts)
🚨 CVE-2026-26368 (HIGH, CVSS 8.7): JUNG eNet SMART HOME server v2.2.1 & 2.3.1 lets low-priv users reset admin passwords via JSON-RPC, risking account takeover. Patch or restrict /jsonrpc/management endpoint now! Details: https://radar.offseq.com/threat/cve-2026-26368-missing-authorization-in-jung-enet--3a6df6c1 #OffSeq #SmartHome #Infosec
Details
- CVE ID: CVE-2026-26368
- Severity: High
- CVSS Score: 8.8
- Type: broken_access_control
- Status: new
- EPSS: 0.0%
- Social Posts: 2
CWE
- CWE-862
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H