CVE-2026-26235
Unauthenticated DoS Vulnerability in JUNG Smart Visu Server
Publication date: 2026-02-12
Last updated on: 2026-02-20
Assigner: VulnCheck
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jung-group | smart_visu_server_firmware | to 1.1.1050 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability affects JUNG Smart Visu Server version 1.1.1050 and allows unauthenticated remote attackers to cause a denial of service by sending a single specially crafted POST request.
This request triggers the server to reboot or shut down without requiring any authentication, effectively disrupting the server's availability.
The issue is due to missing authentication for a critical function, classified as CWE-306. [1, 2]
How can this vulnerability impact me?
This vulnerability can lead to a denial of service condition by allowing attackers to remotely reboot or shut down the JUNG Smart Visu Server without any authentication.
As a result, the server becomes unavailable, which can disrupt intelligent building control systems integrated with it, such as KNX, Philips Hue, Sonos, and voice assistants like Amazon Alexa and Google Assistant.
This disruption can affect building automation, user convenience, and potentially critical operations relying on the server's availability. [1, 2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unauthorized POST or specially crafted GET requests sent to the JUNG Smart Visu Server version 1.1.1050 that trigger a reboot or shutdown without authentication.
A practical detection method is to capture and analyze network traffic for unusual POST requests targeting the server, especially those that cause unexpected reboots.
For example, using command-line tools like curl to simulate the attack can help verify if the server is vulnerable:
- curl -X POST http://[server_ip]/[vulnerable_endpoint]
Additionally, network monitoring tools such as tcpdump or Wireshark can be used to detect suspicious POST or GET requests to the server.
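One way to automate the log review described above, as an added example that is not part of the original page or any vendor tooling: it flags POST requests from sources outside an allowlist and raises the severity when the device stops answering shortly afterwards. The reverse proxy in front of the device, its log format, the trusted range, the time window and the request path are all assumptions; the log lines are constructed.

```python
import ipaddress
from datetime import datetime, timedelta

# Assumptions (not from the advisory): a reverse proxy in front of the device
# writes "ISO-time client-ip METHOD path status" lines in time order, and
# 502/503/504 mean the device did not answer. Range and window are site-specific.
TRUSTED = [ipaddress.ip_network("10.20.0.0/28")]
OUTAGE_STATUSES = {502, 503, 504}
WINDOW = timedelta(seconds=120)

# Constructed sample log; the path is a placeholder, not the real endpoint.
SAMPLE_LOG = """\
2026-02-13T08:00:01 10.20.0.5 GET /status 200
2026-02-13T08:00:40 10.20.0.5 POST /placeholder-path 200
2026-02-13T08:05:10 192.0.2.77 POST /placeholder-path 200
2026-02-13T08:05:25 10.20.0.5 GET /status 502
2026-02-13T08:06:30 10.20.0.5 GET /status 502
2026-02-13T08:09:00 10.20.0.5 GET /status 200
2026-02-13T09:00:00 198.51.100.9 POST /placeholder-path 200
2026-02-13T09:00:30 10.20.0.5 GET /status 200
"""

def parse(line):
    ts, src, method, path, status = line.split()
    return datetime.fromisoformat(ts), ipaddress.ip_address(src), method, path, int(status)

def is_trusted(addr):
    return any(addr in net for net in TRUSTED)

def find_suspect_posts(log_text):
    """Flag POSTs from untrusted sources; note if an outage follows within WINDOW."""
    events = [parse(l) for l in log_text.splitlines() if l.strip()]
    findings = []
    for i, (ts, src, method, path, _status) in enumerate(events):
        if method != "POST" or is_trusted(src):
            continue
        # Any proxy-side failure soon after the POST suggests a reboot/shutdown.
        outage = any(
            later_ts - ts <= WINDOW and later_status in OUTAGE_STATUSES
            for later_ts, _, _, _, later_status in events[i + 1:]
        )
        findings.append(("outage-follows" if outage else "untrusted-post",
                         ts.isoformat(), str(src), path))
    return findings

if __name__ == "__main__":
    for finding in find_suspect_posts(SAMPLE_LOG):
        print(*finding)
```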
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting network access to the JUNG Smart Visu Server to trusted hosts only, such as by using firewall rules or network segmentation.
Since the vulnerability allows unauthenticated remote shutdown or reboot via POST requests, blocking or filtering such requests at the network perimeter can reduce exposure.
Additionally, monitoring server logs for unexpected reboots or shutdowns can help detect exploitation attempts early.
Contacting the vendor for patches or updates and applying them as soon as they become available is also recommended.