CVE-2026-40620 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: April 24, 2026
SenseLive X3050 - Authentication Bypass
Overview
SenseLive X3050 contains an authentication bypass caused by lack of authentication in the embedded management service, letting remote attackers gain full administrative control, exploit requires network access to management service.
Severity & Score
Impact
Attackers can gain full administrative control, allowing unrestricted modification of critical configurations and device state.
Mitigation
Update to the latest version or apply vendor patches addressing authentication in the management service.
References
Social Media Activity(2 posts)
SenseLive X3050 V1.523 is at CRITICAL risk (CVE-2026-40620, CVSS 9.3): missing auth lets remote attackers gain admin access. No patch yet — restrict management access, monitor logs, and follow vendor updates. https://radar.offseq.com/threat/cve-2026-40620-cwe-306-missing-authentication-for--0af2786c #OffSeq #CVE202640620 #IoTSecurity
View original post
SenseLive X3050 V1.523 is at CRITICAL risk (CVE-2026-40620, CVSS 9.3): missing auth lets remote attackers gain admin access. No patch yet — restrict management access, monitor logs, and follow vendor updates. https://radar.offseq.com/threat/cve-2026-40620-cwe-306-missing-authentication-for--0af2786c #OffSeq #CVE202640620 #IoTSecurity
View original postRelated Resources
Details
- CVE ID
- CVE-2026-40620
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- broken_authentication
- Status
- new
- EPSS
- 0.0%
- Social Posts
- 2
CWE
- CWE-306
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H