CVE-2026-35503

· NIST NVD ↗

A vulnerability in SenseLive X3050’s web management interface allows authentication logic to be performed entirely on the client side, relying on hardcoded values within browser-executed scripts rather than server-side verification. An attacker with access to the login page could retrieve these exposed parameters and gain unauthorized access to administrative functionality.

CRITICAL
CVSS severity
9.8
CVSS base score
2026-04-24
Published

CWE codes

CWE-798

Affected products

senselive:x3500_firmwaresenselive:x3500

Sources