CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-26369

eNet SMART HOME server 2.2.1 and 2.3.1 contains a privilege escalation vulnerability due to insufficient authorization checks in the setUserGroup JSON-RPC method. A low-privileged user (UG_USER) can send a crafted POST request to /jsonrpc/management specifying their own username to elevate their account to the UG_ADMIN group, bypassing intended access controls and gaining administrative capabilities such as modifying device configurations, network settings, and other smart home system functions.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 4.5%

CVSS Severity

CVSS v3 Score 9.8

References

https://www.vulncheck.com/advisories/jung-enet-smart-home-server-privilege-escalation-v
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5975.php

Products affected by CVE-2026-26369

Jung-Group » Enet Smart Home » Version: 2.2.1

cpe:2.3:a:jung-group:enet_smart_home:2.2.1
Jung-Group » Enet Smart Home » Version: 2.3.1

cpe:2.3:a:jung-group:enet_smart_home:2.3.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-26369

Products

Pricing

Contact Us