CVE-2026-33268

6.5 MEDIUM
Published: March 25, 2026 Modified: March 25, 2026
View on NVD

Description

Nanoleaf Lines 12.3.2 does not authenticate firmware file uploads. A remote, unauthenticated attacker can upload firmware files on the device and consume storage resources. Fixed in 12.3.6.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-084-01.json
Source: 9119a7d8-5eab-497f-8521-727c672e3725
https://www.cve.org/CVERecord?id=CVE-2026-33268
Source: 9119a7d8-5eab-497f-8521-727c672e3725

2 reference(s) from NVD

Quick Stats

CVSS v3 Score
6.5 / 10.0
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-400

Related CVEs

CVE-2026-4363 3.7
CVE-2026-3126 N/A
CVE-2026-26830 9.8
CVE-2026-23514 8.8
CVE-2025-59707 N/A