Aqara Board Service Vulnerable To MQTT Injection
A critical vulnerability, CVE-2026-50085, has been identified in Aqara Board service, allowing unauthenticated MQTT command injection. This flaw, with a CVSS score of 8.6, could enable remote device takeover when combined with other vulnerabilities. No patch is currently available, and users are advised to monitor and isolate affected devices.
Topics
Developing
- 895d Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore.
- 895d Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.
- 895d Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est.
- 895d Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium.
Sources · 7 independent
Mastodon
“CVE-2026-50085 - Unauthenticated MQTT command injection in Aqara Board service. CVSS 8.6. Remote device takeover possible when chained with other flaws. No patch available. Monitor and isolate affecte...”
Unlock the full story
Get a Pro subscription or above to see the live story progression and the full list of independent sources confirming each event as they happen.
Log in to upgrade