Home / Vulnerability Intelligence / CVE-2026-26369

CVE-2026-26369 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: February 15, 2026

eNet SMART HOME server - Privilege Escalation

Published: February 15, 2026Updated: February 15, 2026Remote Exploitable

Overview

eNet SMART HOME server 2.2.1 and 2.3.1 contain a privilege escalation caused by insufficient authorization checks in the setUserGroup JSON-RPC method, letting low-privileged users elevate their privileges to admin, exploit requires low-privileged user access.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 4.1%(Probability of exploitation in next 30 days)

Impact

Low-privileged users can gain administrative capabilities, allowing full control over device configurations and network settings.

Mitigation

Update to the latest version that fixes the authorization checks.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Feb 16, 2026

🔴 CVE-2026-26369 - Critical (9.8) eNet SMART HOME server 2.2.1 and 2.3.1 contains a privilege escalation vulnerability due to insufficient authorization checks in the setUserGroup JSON-RPC method. A low-privileged user (UG_USER) can send a crafted POST request to /jsonrpc/manageme... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26369/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-26369
Severity: Critical
CVSS Score: 9.8
Type: broken_access_control
Status: new
EPSS: 4.1%
Social Posts: 1

CWE

CWE-269

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

4.1%Probability of exploitation in the next 30 days