LeakyCreds

CVE-2026-32644 - Vulnerability Analysis

Critical | CVSS: 9.8

Last Updated: April 28, 2026

Milesight AIOT Cameras - Weak Cryptography

Published: April 28, 2026 | Updated: April 28, 2026 | Remote Exploitable

Overview

Milesight AIOT cameras contain a weak cryptography vulnerability: they use SSL certificates with default private keys, which could let attackers intercept or decrypt communications. Exploitation requires network access.

Severity & Score

Severity: Critical
CVSS Score: 9.8
EPSS Score: 2.2% (probability of exploitation in the next 30 days)

Impact

Attackers can intercept or decrypt secure communications, compromising confidentiality and integrity.

Mitigation

Update to the latest firmware version that replaces default SSL private keys.

Social Media Activity (2 posts)

OffSequence
@offseq
Apr 28, 2026

CVE-2026-32644 (CRITICAL, CVSS 9.2): Milesight MS-Cxx63-PD cameras have default SSL private keys, exposing encrypted traffic to interception & tampering. No patch yet — restrict access & follow vendor updates. https://radar.offseq.com/threat/cve-2026-32644-cwe-321-in-milesight-ms-cxx63-pd-60e79b90 #OffSeq #IoTSecurity #Vulnerability


TheHackerWire
@thehackerwire
Apr 28, 2026

🔓 CVE-2026-32644 - Critical (9.8) Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32644/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2026-32644
Severity: Critical
CVSS Score: 9.8
Type: weak_cryptography
Status: unconfirmed
EPSS: 2.2%
Social Posts: 2

CWE

  • CWE-321

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

2.2% (probability of exploitation in the next 30 days)