Focus on jung-group vulnerabilities and metrics.
Last updated: 08 Mar 2026, 23:25 UTC
This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with jung-group. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.
For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.
Total jung-group CVEs: 9
Earliest CVE date: 22 Jun 2022, 06:15 UTC
Latest CVE date: 15 Feb 2026, 16:15 UTC
Latest CVE reference: CVE-2026-26369
30-day Count (Rolling): 6
365-day Count (Rolling): 6
Calendar-based Variation
Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.
Month Variation (Calendar): 0%
Year Variation (Calendar): 0%
Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%
Average CVSS: 1.86
Max CVSS: 7.2
Critical CVEs (≥9): 0
| Range | Count |
|---|---|
| 0.0-3.9 | 6 |
| 4.0-6.9 | 2 |
| 7.0-8.9 | 1 |
| 9.0-10.0 | 0 |
These are the five CVEs with the highest CVSS scores for jung-group, sorted by severity first and recency.
eNet SMART HOME server 2.2.1 and 2.3.1 contains a privilege escalation vulnerability due to insufficient authorization checks in the setUserGroup JSON-RPC method. A low-privileged user (UG_USER) can send a crafted POST request to /jsonrpc/management specifying their own username to elevate their account to the UG_ADMIN group, bypassing intended access controls and gaining administrative capabilities such as modifying device configurations, network settings, and other smart home system functions.
eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the resetUserPassword JSON-RPC method that allows any authenticated low-privileged user (UG_USER) to reset the password of arbitrary accounts, including those in the UG_ADMIN and UG_SUPER_ADMIN groups, without supplying the current password or having sufficient privileges. By sending a crafted JSON-RPC request to /jsonrpc/management, an attacker can overwrite existing credentials, resulting in direct account takeover with full administrative access and persistent privilege escalation.
eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the deleteUserAccount JSON-RPC method that permits any authenticated low-privileged user (UG_USER) to delete arbitrary user accounts, except for the built-in admin account. The application does not enforce role-based access control on this function, allowing a standard user to submit a crafted POST request to /jsonrpc/management specifying another username to have that account removed without elevated permissions or additional confirmation.
eNet SMART HOME server 2.2.1 and 2.3.1 ships with default credentials (user:user, admin:admin) that remain active after installation and commissioning without enforcing a mandatory password change. Unauthenticated attackers can use these default credentials to gain administrative access to sensitive smart home configuration and control functions.
JUNG Smart Visu Server 1.1.1050 contains a denial of service vulnerability that allows unauthenticated attackers to remotely shutdown or reboot the server. Attackers can send a single POST request to trigger the server reboot without requiring any authentication.
JUNG Smart Visu Server 1.1.1050 contains a request header manipulation vulnerability that allows unauthenticated attackers to override request URLs by injecting arbitrary values in the X-Forwarded-Host header. Attackers can manipulate proxied requests to generate tainted responses, enabling cache poisoning, potential phishing, and redirecting users to malicious domains.
A vulnerability has been found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832 and classified as critical. Affected by this vulnerability is an unknown functionality of the component KNX Group Address. The manipulation leads to backdoor. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.900 is able to address this issue. It is recommended to upgrade the affected component.
A vulnerability, which was classified as critical, was found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832. Affected is an unknown function of the component SSH Server. The manipulation leads to backdoor. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.900 is able to address this issue. It is recommended to upgrade the affected component.
A vulnerability, which was classified as problematic, has been found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832. This issue affects some unknown processing. The manipulation leads to backdoor. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.900 is able to address this issue. It is recommended to upgrade the affected component.