Thingsboard

Thingsboard

19 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.6

CVE-2026-53676

  • EPSS 0.6%
  • Veröffentlicht 17.06.2026 22:53:56
  • Zuletzt bearbeitet 22.06.2026 19:49:09

ThingsBoard contains a prototype pollution vulnerability which may lead to arbitrary code execution within a sandboxed context by a user who can log in to the affected product with the tenant administrator privilege (TENANT_ADMIN).

9.8

CVE-2026-36537

  • EPSS 0.51%
  • Veröffentlicht 15.06.2026 00:00:00
  • Zuletzt bearbeitet 16.06.2026 15:51:29

ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization code exchange. The application improperly trusts user-supplied identity data within the user parameter of the /login/oauth2/code/ endpoint. By manipulating ...

5

CVE-2026-9568

  • EPSS 0.22%
  • Veröffentlicht 26.05.2026 18:00:13
  • Zuletzt bearbeitet 26.05.2026 19:37:00

A weakness has been identified in ThingsBoard up to 4.3.1.1. Affected by this vulnerability is the function getGatewayDockerComposeFile of the file /api/v1/provision of the component YAML Handler. This manipulation causes code injection. It is possib...

5.4

CVE-2025-3261

  • EPSS 0.03%
  • Veröffentlicht 27.11.2025 18:15:46
  • Zuletzt bearbeitet 16.12.2025 11:15:44

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

9.1

CVE-2025-34282

  • EPSS 1.66%
  • Veröffentlicht 17.10.2025 18:33:41
  • Zuletzt bearbeitet 24.10.2025 13:43:12

ThingsBoard versions < 4.2.1 contain a server-side request forgery (SSRF) vulnerability in the dashboard's Image Upload Gallery feature. An attacker can upload a malicious SVG file that references a remote URL. If the server processes the SVG file in...

5.4

CVE-2025-34281

  • EPSS 0.35%
  • Veröffentlicht 17.10.2025 18:33:03
  • Zuletzt bearbeitet 10.02.2026 16:16:08

ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the "Image Gallery", leading to a Stored Cross-Site Scripting (XSS) vulnerability. The exploit can be triggered when any user accesses the public ...

4.3

CVE-2025-9094

Exploit
  • EPSS 0.27%
  • Veröffentlicht 17.08.2025 22:32:05
  • Zuletzt bearbeitet 29.04.2026 01:00:01

A vulnerability was detected in ThingsBoard 4.1. This vulnerability affects unknown code of the component Add Gateway Handler. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be initiate...

6.5

CVE-2024-55466

Exploit
  • EPSS 0.31%
  • Veröffentlicht 12.05.2025 00:00:00
  • Zuletzt bearbeitet 09.07.2025 01:38:44

An arbitrary file upload vulnerability in the Image Gallery of ThingsBoard Community, ThingsBoard Cloud and ThingsBoard Professional v3.8.1 allows attackers to execute arbitrary code via uploading a crafted file.

5.9

CVE-2024-9358

Exploit
  • EPSS 0.74%
  • Veröffentlicht 01.10.2024 02:15:10
  • Zuletzt bearbeitet 03.12.2025 14:26:07

A vulnerability has been found in ThingsBoard up to 3.7.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component HTTP RPC API. The manipulation leads to resource consumption. The attack can be launc...

6.5

CVE-2024-3270

Exploit
  • EPSS 0.58%
  • Veröffentlicht 03.04.2024 23:15:13
  • Zuletzt bearbeitet 07.02.2025 14:57:36

A vulnerability classified as problematic was found in ThingsBoard up to 3.6.2. This vulnerability affects unknown code of the component AdvancedFeature. The manipulation leads to improper access controls. The attack can be initiated remotely. The ex...