CVE-2026-33362

HIGH NVD

CVSS Score 8.6

Severity HIGH

Published May 11, 2026

Vendor unknown

Description

In Meari IoT SDK builds embedded in CloudEdge 5.5.0 (build 220), Arenti 1.8.1 (build 220), and white-label Android apps <= 1.8.x (latest observed), multiple security-critical secrets are hardcoded and shared, including API signing material, password-transport keying, and service access keys.

References

https://github.com/xn0tsa/nobody-puts-baby-in-a-corner
https://www.runzero.com/advisories/meari-sdk-hardcoded-cryptographic-keys-cve-2026-33362/