CVE-2026-50090 | Aqara | Valters IT Hub

June 13, 2026 · valtersit.com

CVE-2026-50090 is a critical vulnerability (CVSS 9.3) in the Aqara Cloud OAuth Authorization Endpoint (open-cn.aqara.com/oauth/authorize).

If you're connecting your Aqara devices directly to Home Assistant and are not using the Aqara cloud, then my read on this is that you should be good to go. This is not a vulnerability in the devices themselves but with the Aqara cloud stuff.

Join the conversation

Respond via email
Discuss on Mastodon
Discuss on Bluesky
Leave a comment

Your email is never shown. It's only so I can reply, and comments are moderated before they appear.
Name Email (optional, private) Website (optional, sets your avatar from your h-card) Comment
Send me a webmention

Written a response on your own site? Paste the URL and I'll display it alongside the others once webmention.io verifies the link back.
Your post URL