Aqara Cloud OAuth Authorization Endpoint Redirect Validation Bypass (CVE-2026-50090)
critical-cve-against-infra · active
Aqara's Cloud OAuth authorization endpoint (open-cn.aqara.com/oauth/authorize) improperly validates redirect URIs, allowing an attacker to bypass domain matching and redirect the OAuth flow to an attacker-controlled destination. This can be abused to steal authorization codes/tokens and hijack user smart-home accounts.
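The core mitigation for this bug class is exact-match validation of `redirect_uri` against the URIs registered for the client, as the OAuth 2.0 Security BCP (RFC 9700) requires. The example below is added here for illustration and is not Aqara's code; the advisory does not describe the actual flawed logic, so the "naive" check is an assumed, commonly seen weak form (host substring matching) shown only to contrast with the strict check. The client id, registered URI and sample requests are constructed.

```python
from urllib.parse import urlsplit

# Constructed sample registration: the client id and callback are hypothetical.
REGISTERED_REDIRECT_URIS = {
    "client-123": {"https://app.example.com/oauth/callback"},
}


def naive_redirect_check(client_id: str, redirect_uri: str) -> bool:
    """Weak validation (assumed form, not Aqara's actual logic): accept the request
    if a registered host appears anywhere inside the supplied host. Any host that
    merely contains the registered name is accepted, which is the kind of domain
    matching bypass the advisory describes."""
    supplied_host = urlsplit(redirect_uri).hostname or ""
    for registered in REGISTERED_REDIRECT_URIS.get(client_id, ()):
        registered_host = urlsplit(registered).hostname or ""
        if registered_host and registered_host in supplied_host:
            return True
    return False


def strict_redirect_check(client_id: str, redirect_uri: str) -> bool:
    """Exact-match validation per RFC 9700: the supplied redirect_uri must be
    byte-for-byte one of the URIs registered for this client. Clients with no
    registered URI are rejected outright."""
    registered = REGISTERED_REDIRECT_URIS.get(client_id)
    if not registered:
        return False
    return redirect_uri in registered


def evaluate_authorize_request(client_id: str, redirect_uri: str,
                               checker=strict_redirect_check):
    """Return (allowed, log_event). When the check fails, the server must not
    redirect to the supplied URI at all (RFC 6749 4.1.2.1); it should render an
    error page. The structured event is what a detection pipeline would ingest:
    a burst of rejected redirect_uri values for one client_id is a useful signal."""
    allowed = checker(client_id, redirect_uri)
    event = {
        "event": "oauth_authorize_redirect_decision",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "allowed": allowed,
    }
    return allowed, event


if __name__ == "__main__":
    # Constructed requests: one legitimate, one with a look-alike host.
    for uri in ("https://app.example.com/oauth/callback",
                "https://app.example.com.not-the-client.example/oauth/callback"):
        print(uri, "naive:", naive_redirect_check("client-123", uri),
              "strict:", strict_redirect_check("client-123", uri))
```

The difference to watch is the second request: substring matching on the host accepts it, exact matching does not. Logging every decision, not only failures, lets a detection rule baseline normal callback traffic per client before alerting on rejected values.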
Affected packages
Indicators of compromise
- domain: open-cn.aqara.com