Home / Vulnerability Intelligence / CVE-2026-40620

CVE-2026-40620 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: April 24, 2026

SenseLive X3050 - Authentication Bypass

Published: April 24, 2026Updated: April 24, 2026Remote Exploitable

Overview

SenseLive X3050 contains an authentication bypass caused by lack of authentication in the embedded management service, letting remote attackers gain full administrative control, exploit requires network access to management service.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 6.7%(Probability of exploitation in next 30 days)

Impact

Attackers can gain full administrative control, allowing unrestricted modification of critical configurations and device state.

Mitigation

Update to the latest version or apply vendor patches addressing authentication in the management service.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Apr 24, 2026

🔴 CVE-2026-40620 - Critical (9.8) A vulnerability in SenseLive X3050’s embedded management service allows full administrative control to be established without any form of authentication or authorization on the SenseLive config application. The service accepts management conne... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40620/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-40620
Severity: Critical
CVSS Score: 9.8
Type: broken_authentication
Status: unconfirmed
EPSS: 6.7%
Social Posts: 1

CWE

CWE-306

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

6.7%Probability of exploitation in the next 30 days