CVE-2026-50212
Device Dissociation API Denial of Service
Publication date: 2026-06-04
Last updated on: 2026-06-04
Assigner: 8fc372e3-d9c5-46e4-9410-38469745c639
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is caused by weak validation logic within device dissociation API routines. It allows a remote attacker to forcefully unbind user endpoints that are unrelated, meaning the attacker can disconnect devices or users that they should not have control over.
Essentially, the API does not properly verify whether the request to dissociate a device is legitimate or authorized, enabling an attacker to cause disruption by unbinding devices arbitrarily.
How can this vulnerability impact me?
The primary impact of this vulnerability is a severe denial of service. Because an attacker can forcefully unbind unrelated user endpoints, legitimate users may lose connectivity or access to their devices or services unexpectedly.
This disruption can affect availability and reliability of the affected system or service, potentially causing operational interruptions and user dissatisfaction.