Dismissed
CVE-2026-3588
7.5 HIGH
- CVSS version: 3.1
- Attack vector (AV): ADJACENT_NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): HIGH
- User interaction (UI): NONE
- Scope (S): CHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): LOW
- Availability impact (A): LOW
by @mweinelt
Activity log
- Created automatic suggestion
- @mweinelt removed 4 packages
  - python312Packages.dirigera
  - python313Packages.dirigera
  - python314Packages.dirigera
  - home-assistant-custom-components.dirigera_platform
- @mweinelt dismissed
Server-Side Request Forgery (SSRF) in IKEA Dirigera
A server-side request forgery (SSRF) vulnerability in IKEA Dirigera v2.866.4 allows an attacker to exfiltrate private keys by sending a crafted request.
References
- https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2026-3588 third-party-advisory
Affected products
dirigera
- =<2.866.4
Ignored packages (4)
pkgs.python312Packages.dirigera
Module for controlling the IKEA Dirigera Smart Home Hub
pkgs.python313Packages.dirigera
Module for controlling the IKEA Dirigera Smart Home Hub
pkgs.python314Packages.dirigera
Module for controlling the IKEA Dirigera Smart Home Hub