CVE-2026-26235
Undergoing Analysis Undergoing Analysis - In Progress
Unauthenticated DoS Vulnerability in JUNG Smart Visu Server

Publication date: 2026-02-12

Last updated on: 2026-02-20

Assigner: VulnCheck

Description
JUNG Smart Visu Server 1.1.1050 contains a denial of service vulnerability that allows unauthenticated attackers to remotely shutdown or reboot the server. Attackers can send a single POST request to trigger the server reboot without requiring any authentication.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-12
Last Modified
2026-02-20
Generated
2026-06-16
AI Q&A
2026-02-12
EPSS Evaluated
2026-06-15
NVD
CVE-2026-26235
EUVD
EUVD-2026-7032
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
jung-group smart_visu_server_firmware to 1.1.1050 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'The vulnerability affects JUNG Smart Visu Server version 1.1.1050 and allows unauthenticated remote attackers to cause a denial of service by sending a single specially crafted POST request.'}, {'type': 'paragraph', 'content': "This request triggers the server to reboot or shut down without requiring any authentication, effectively disrupting the server's availability."}, {'type': 'paragraph', 'content': 'The issue is due to missing authentication for a critical function, classified as CWE-306.'}] [1, 2]

Impact Analysis

[{'type': 'paragraph', 'content': 'This vulnerability can lead to a denial of service condition by allowing attackers to remotely reboot or shut down the JUNG Smart Visu Server without any authentication.'}, {'type': 'paragraph', 'content': 'As a result, the server becomes unavailable, which can disrupt intelligent building control systems integrated with it, such as KNX, Philips Hue, Sonos, and voice assistants like Amazon Alexa and Google Assistant.'}, {'type': 'paragraph', 'content': "This disruption can affect building automation, user convenience, and potentially critical operations relying on the server's availability."}] [1, 2]

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by monitoring for unauthorized POST or specially crafted GET requests sent to the JUNG Smart Visu Server version 1.1.1050 that trigger a reboot or shutdown without authentication.

A practical detection method is to capture and analyze network traffic for unusual POST requests targeting the server, especially those that cause unexpected reboots.

For example, using command-line tools like curl to simulate the attack can help verify if the server is vulnerable:

  • curl -X POST http://[server_ip]/[vulnerable_endpoint]

Additionally, network monitoring tools such as tcpdump or Wireshark can be used to detect suspicious POST or GET requests to the server.

Mitigation Strategies

Immediate mitigation steps include restricting network access to the JUNG Smart Visu Server to trusted hosts only, such as by using firewall rules or network segmentation.

Since the vulnerability allows unauthenticated remote shutdown or reboot via POST requests, blocking or filtering such requests at the network perimeter can reduce exposure.

Additionally, monitoring server logs for unexpected reboots or shutdowns can help detect exploitation attempts early.

Contacting the vendor for patches or updates and applying them as soon as they become available is also recommended.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-26235. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart