CVE-2026-21411
Unknown Unknown - Not Provided
Authentication Bypass in OpenBlocks FW5.0.8 Allows Password Change

Publication date: 2026-01-06

Last updated on: 2026-01-06

Assigner: JPCERT/CC

Description
Authentication bypass issue exists in OpenBlocks series versions prior to FW5.0.8, which may allow an attacker to bypass administrator authentication and change the password.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-06
Last Modified
2026-01-06
Generated
2026-06-16
AI Q&A
2026-01-06
EPSS Evaluated
2026-06-15
NVD
CVE-2026-21411
EUVD
EUVD-2026-1070
Affected Vendors & Products
Showing 8 associated CPEs
Vendor Product Version / Range
plat_home openblocks to 5.0.8 (exc)
plat_home openblocks_iot_dx1 to 5.0.8 (exc)
plat_home openblocks_iot_ex to 5.0.8 (exc)
plat_home openblocks_iot_bx to 5.0.8 (exc)
plat_home openblocks_ix9 to 5.0.8 (exc)
plat_home openblocks_iot_vx2 to 5.0.8 (exc)
plat_home openblocks_idm_rx1 to 5.0.8 (exc)
plat_home openblocks_iot_fx1 to 5.0.8 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-288 The product requires authentication, but the product has an alternate path or channel that does not require authentication.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-21411 is an authentication bypass vulnerability in the OpenBlocks series of devices running firmware versions prior to FW5.0.8. This flaw allows an attacker to bypass administrator authentication without needing privileges or user interaction, enabling them to change the administrator password. [2]

Impact Analysis

This vulnerability can have a severe impact as it allows an attacker to gain unauthorized administrator access to the affected OpenBlocks devices. With this access, the attacker can change the administrator password, potentially taking full control of the device, leading to compromise of device functionality, data integrity, and security. [2]

Mitigation Strategies

The immediate step to mitigate this vulnerability is to update the OpenBlocks device firmware to version FW5.0.8 or later. This update addresses the authentication bypass vulnerability CVE-2026-21411. The update can be applied via the WEB UI under [Maintenance] > [System Update] using the online update feature. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-21411. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart