{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/maxhub/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["MAXHUB Pivot client application"],"_cs_severities":["medium"],"_cs_tags":["cve-2026-6411","maxhub","pivot","broken-crypto","dos"],"_cs_type":"advisory","_cs_vendors":["MAXHUB"],"content_html":"\u003cp\u003eA vulnerability, identified as CVE-2026-6411, affects MAXHUB Pivot client application versions prior to v1.36.2. The application ships with a hardcoded AES key. Because that key is identical in every installation, an attacker who extracts it from a single copy can decrypt the encrypted tenant email addresses and related metadata of any tenant, recovering them in cleartext. Additionally, an attacker may be able to cause a denial-of-service (DoS) condition by enrolling multiple unauthorized devices into a tenant via MQTT, potentially disrupting tenant operations. 
This issue was reported to MAXHUB by Malik MAKKES and Yassine BENGANA of Abicom Groupe OCI.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a MAXHUB Pivot client application running a version prior to v1.36.2.\u003c/li\u003e\n\u003cli\u003eThe attacker extracts the hardcoded AES key from any one copy of the application, for example from the installed binary or from process memory. Because the key is the same in every installation, this step never has to be repeated per target.\u003c/li\u003e\n\u003cli\u003eThe attacker collects tenant email addresses and metadata in their encrypted form, whether by intercepting network traffic or by reading local data stores.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the extracted key to decrypt the collected data, revealing tenant email addresses and associated information in cleartext.\u003c/li\u003e\n\u003cli\u003e(Optional) The attacker enrolls multiple unauthorized devices into a tenant via MQTT.\u003c/li\u003e\n\u003cli\u003eThe volume of unauthorized enrollments exhausts the tenant\u0026rsquo;s resources, producing a denial-of-service condition.\u003c/li\u003e\n\u003cli\u003eLegitimate users are unable to access or use the MAXHUB Pivot client application, disrupting tenant operations.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-6411 allows an attacker to access sensitive tenant email addresses and associated metadata in cleartext. This information could be used for further malicious activities, such as targeted phishing against a tenant\u0026rsquo;s users or identity theft. Furthermore, an attacker may trigger a denial-of-service condition by enrolling multiple unauthorized devices into a tenant via MQTT, which disrupts tenant operations for the duration of the outage and its recovery. 
No public exploitation specifically targeting this vulnerability had been reported to CISA at the time of writing.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the MAXHUB Pivot client application to version v1.36.2 or newer to remediate CVE-2026-6411, as recommended by MAXHUB in their advisory, and verify the installed version on every endpoint: the key is present in every unpatched copy, so a single stale install is enough to keep the exposure open.\u003c/li\u003e\n\u003cli\u003eImplement network segmentation to minimize the exposure of MAXHUB Pivot client application instances to potential attackers, as per CISA\u0026rsquo;s recommended practices; in particular, limit which networks can reach the MQTT endpoint used for device enrollment.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect MAXHUB Pivot Client Application Hardcoded AES Key Usage\u0026rdquo; to detect potential exploitation attempts by monitoring for suspicious decryption activities. Keep in mind that decryption with an extracted key can run entirely on the attacker\u0026rsquo;s own machine, out of reach of endpoint telemetry, so also alert on the MQTT side: a burst of new device enrollments into a single tenant is the observable precursor of the denial-of-service condition.\u003c/li\u003e\n\u003cli\u003eUntil the upgrade is complete, treat email addresses and metadata handled by pre-v1.36.2 clients as potentially exposed and brief affected tenants on the resulting phishing risk.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-07T12:00:00Z","date_published":"2026-05-07T12:00:00Z","id":"/briefs/2026-05-maxhub-pivot-vuln/","summary":"A vulnerability exists in MAXHUB Pivot client application versions prior to v1.36.2, where a hardcoded AES key allows attackers to decrypt tenant email addresses and associated metadata, and potentially cause a denial-of-service via unauthorized device enrollment through MQTT.","title":"MAXHUB Pivot Client Application Vulnerability CVE-2026-6411","url":"https://feed.craftedsignal.io/briefs/2026-05-maxhub-pivot-vuln/"}],"language":"en","title":"CraftedSignal Threat Feed — Maxhub","version":"https://jsonfeed.org/version/1.1"}
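The core defect in the advisory above, one AES key compiled into every client, is easiest to see in code. The following Go program is an added example written for this page; it is not MAXHUB's code and does not reproduce the real key, record format or fix. The key bytes, tenant identifiers, sample email address and server secret are all constructed, and the per-tenant HMAC-SHA256 derivation in the second half is one illustrative hardening, not what the vendor did in v1.36.2. It shows that the constant pulled out of a single install opens a record belonging to any tenant, while a per-tenant key held server-side fails the AES-GCM tag check when used across tenants.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// hardcodedKey plays the role of the single AES key compiled into every copy
// of a client. The value is a constructed placeholder, not the key from the
// advisory; what matters is that the same bytes sit in every installation.
var hardcodedKey = []byte("0123456789abcdef0123456789abcdef") // 32 bytes -> AES-256

// sealGCM encrypts with AES-GCM and prefixes the random nonce to the output.
func sealGCM(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// openGCM reverses sealGCM; a wrong key fails the GCM authentication tag.
func openGCM(key, ciphertext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(ciphertext) < gcm.NonceSize() {
		return nil, errors.New("ciphertext shorter than nonce")
	}
	nonce, body := ciphertext[:gcm.NonceSize()], ciphertext[gcm.NonceSize():]
	return gcm.Open(nil, nonce, body, nil)
}

// vulnerableEncrypt models the flawed design: every tenant's record is sealed
// under the one embedded key, so tenantID plays no part in the cryptography.
func vulnerableEncrypt(tenantID string, email []byte) ([]byte, error) {
	_ = tenantID
	return sealGCM(hardcodedKey, email)
}

// attackerDecrypt is what an attacker does with the constant extracted from a
// single client binary or process image: it opens any tenant's record.
func attackerDecrypt(extractedKey, ciphertext []byte) ([]byte, error) {
	return openGCM(extractedKey, ciphertext)
}

// tenantKey is an illustrative hardening, not MAXHUB's actual fix: derive a
// distinct key per tenant (HMAC-SHA256 used as a KDF) from a secret that lives
// only on the server side and is never compiled into the client.
func tenantKey(serverSecret []byte, tenantID string) []byte {
	mac := hmac.New(sha256.New, serverSecret)
	mac.Write([]byte("pivot-tenant-key/" + tenantID))
	return mac.Sum(nil) // 32 bytes -> AES-256
}

func hardenedEncrypt(serverSecret []byte, tenantID string, email []byte) ([]byte, error) {
	return sealGCM(tenantKey(serverSecret, tenantID), email)
}

func hardenedDecrypt(serverSecret []byte, tenantID string, ciphertext []byte) ([]byte, error) {
	return openGCM(tenantKey(serverSecret, tenantID), ciphertext)
}

func main() {
	email := []byte("ops@tenant-b.example") // constructed sample record
	ct, _ := vulnerableEncrypt("tenant-b", email)
	pt, err := attackerDecrypt(hardcodedKey, ct)
	fmt.Printf("hardcoded key opens tenant-b record: %q (err=%v)\n", pt, err)

	secret := []byte("constructed-server-secret-never-shipped")
	ct2, _ := hardenedEncrypt(secret, "tenant-b", email)
	_, err = hardenedDecrypt(secret, "tenant-a", ct2)
	fmt.Println("tenant-a key on tenant-b record:", err)
}
```

The hardened half only moves the trust boundary: a compromised client still yields its own tenant's key, but no longer the key of every other tenant, which is the property the hardcoded design lacks.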
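The denial-of-service leg of the attack chain is a burst of device enrollments into a single tenant over MQTT, which is observable on the broker side even though the decryption leg is not. The following Go program is an added example, not part of the advisory, of the Sigma rule it names, or of any MAXHUB tooling: it runs a sliding-window detector over constructed broker-style enrollment log lines and fires once per tenant when more than a threshold of distinct devices enroll inside the window. The line format, field names, tenant and device identifiers, window length and threshold are all assumptions for illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"time"
)

// sampleLog is a constructed broker-side enrollment log. The line format and
// field names are assumptions for this example, not MAXHUB's or any specific
// MQTT broker's real output. Tenant "acme" receives a burst from one source;
// one line is a heartbeat and one is a re-enrollment of an existing device.
const sampleLog = `
2026-05-07T12:00:00Z tenant=beta device=b-001 action=enroll src=198.51.100.7
2026-05-07T12:00:00Z tenant=acme device=d-001 action=enroll src=203.0.113.10
2026-05-07T12:00:03Z tenant=acme device=d-002 action=enroll src=203.0.113.10
2026-05-07T12:00:06Z tenant=acme device=d-003 action=enroll src=203.0.113.10
2026-05-07T12:00:09Z tenant=acme device=d-004 action=enroll src=203.0.113.10
2026-05-07T12:00:10Z tenant=acme device=d-001 action=heartbeat src=203.0.113.10
2026-05-07T12:00:12Z tenant=acme device=d-005 action=enroll src=203.0.113.10
2026-05-07T12:00:13Z tenant=acme device=d-002 action=enroll src=203.0.113.10
2026-05-07T12:00:15Z tenant=acme device=d-006 action=enroll src=203.0.113.10
2026-05-07T12:00:18Z tenant=acme device=d-007 action=enroll src=203.0.113.10
2026-05-07T12:05:00Z tenant=beta device=b-002 action=enroll src=198.51.100.8
`

type enrollment struct {
	at     time.Time
	tenant string
	device string
	src    string
}

// parseLine accepts "RFC3339-timestamp key=value ..." and keeps enroll events only.
func parseLine(line string) (enrollment, bool) {
	fields := strings.Fields(line)
	if len(fields) < 2 {
		return enrollment{}, false
	}
	at, err := time.Parse(time.RFC3339, fields[0])
	if err != nil {
		return enrollment{}, false
	}
	kv := map[string]string{}
	for _, f := range fields[1:] {
		if k, v, ok := strings.Cut(f, "="); ok {
			kv[k] = v
		}
	}
	if kv["action"] != "enroll" || kv["tenant"] == "" || kv["device"] == "" {
		return enrollment{}, false
	}
	return enrollment{at: at, tenant: kv["tenant"], device: kv["device"], src: kv["src"]}, true
}

// Alert records the first moment a tenant exceeded the enrollment threshold.
type Alert struct {
	Tenant  string
	Devices int
	At      time.Time
}

// detectEnrollmentBursts fires once per tenant when more than threshold distinct
// devices enroll into that tenant within any sliding window of the given length.
func detectEnrollmentBursts(logText string, window time.Duration, threshold int) []Alert {
	var events []enrollment
	for _, line := range strings.Split(strings.TrimSpace(logText), "\n") {
		if e, ok := parseLine(line); ok {
			events = append(events, e)
		}
	}
	sort.SliceStable(events, func(i, j int) bool { return events[i].at.Before(events[j].at) })

	recent := map[string][]enrollment{} // per-tenant events still inside the window
	alerted := map[string]bool{}
	var alerts []Alert
	for _, e := range events {
		q := recent[e.tenant]
		drop := 0
		for drop < len(q) && e.at.Sub(q[drop].at) > window {
			drop++ // expire events older than the window
		}
		q = append(q[drop:], e)
		recent[e.tenant] = q
		distinct := map[string]struct{}{}
		for _, x := range q {
			distinct[x.device] = struct{}{} // a re-enrolling device counts once
		}
		if len(distinct) > threshold && !alerted[e.tenant] {
			alerted[e.tenant] = true
			alerts = append(alerts, Alert{Tenant: e.tenant, Devices: len(distinct), At: e.at})
		}
	}
	return alerts
}

func main() {
	for _, a := range detectEnrollmentBursts(sampleLog, 60*time.Second, 5) {
		fmt.Printf("ALERT tenant=%s distinct_devices=%d at=%s\n", a.Tenant, a.Devices, a.At.Format(time.RFC3339))
	}
}
```

Tune the threshold to the tenant's normal enrollment rate and widen the window for slow-drip enrollment. Counting distinct device identifiers rather than raw events keeps a legitimate device that re-enrolls from inflating the count; the source address is carried along so an alert can be pivoted to the originating client.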