Missing Authentication in UGREEN Network Switch Administrative Interface
CVE-2026-8185

5.3MEDIUM

Key Information:

Vendor: Ugreen
Status: Cm933
Vendor: CVE Published:; 9 May 2026

What is CVE-2026-8185?

A significant security flaw has been identified in the UGREEN CM933, specifically involving the Administrative Interface, that permits unauthorized access due to missing authentication mechanisms. This vulnerability requires an attacker to be on the same local network to exploit it effectively. The vendor, UGREEN, has acknowledged the issue and is actively working on a resolution. The fix is anticipated to be included in an upcoming release scheduled for late April, emphasizing the need for users to update their products to maintain network integrity.

Affected Version(s)

CM933 1.1.59.4319

References

https://vuldb.com/vuln/362337

vdb-entry

https://vuldb.com/vuln/362337/cti

signaturepermissions-required

https://vuldb.com/submit/793588

third-party-advisory

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 9, 2026
Vulnerability Reserved
May 8, 2026

Credit

0xd0 (VulDB User)

VulDB CNA Team

CVE-2026-8185 Data

JSON