cve-2026-6411

CVE-2026-6411 is a security vulnerability in MAXHUB Pivot client application versions before v1.36.2. The flaw involves a hardcoded AES key that exposes tenant email data and metadata, and may allow unauthorized MQTT device enrollment leading to denial of service. CISA published an advisory on May 7, 2026, noting no evidence of public exploitation. MAXHUB has released a fix via over-the-air update. This tag covers discussions about the vulnerability, its impact on cloud-tenant data exposure, and the broader lesson about hardcoded secrets in device-management clients.