CRITICAL Vulnerabilities SC Media

Remote building compromise likely with EnOcean SmartServer bugs

Two vulnerabilities in the EnOcean SmartServer IoT platform, CVE-2026-22885 (CVSS 3.7) and CVE-2026-20761 (CVSS 8.1), can be chained to achieve remote code execution with root privileges by exploiting improper packet input validation. The flaws affect internet-exposed instances and outdated i.LON devices, enabling full takeover of building automation systems. EnOcean has resolved both flaws in SmartServer version 4.6 update 2.

Vulnerability Management, Patch/Configuration Management, IoT

May 1, 2026
By SC Staff

SecurityWeek reports that vulnerable internet-exposed EnOcean SmartServer IoT platform instances impacted by the security bypass flaw, tracked as CVE-2026-22885, and the remote code execution issue, tracked as CVE-2026-20761, could be targeted to remotely compromise smart buildings, data centers, and factories.

Threat actors could weaponize the vulnerabilities to circumvent memory defenses and expose memory, as well as run arbitrary commands to take over building management and automation systems, according to an analysis from Claroty researchers, who identified the issues.

"By exploiting improper validation of packet input, an attacker can control an argument passed to the device's built-in system call and achieve full takeover of the Linux-based device, gaining root privileges and arbitrary code execution," said Claroty, which has already issued proof-of-concept exploits following EnOcean's release of SmartServer 4.6 update 2 that resolves both flaws.

Outdated i.LON devices were also noted to be affected by CVE-2026-22885 and CVE-2026-20761.
