Kuksa · Kuksa · CVE-2026-6272
**Name of the Vulnerable Software and Affected Versions**
Kuksa (affected versions not specified)
**Description**
A client with a read-only JWT scope can register as a signal provider via the 'kuksa.val.v2' OpenProviderStream API by sending a `ProvideSignalRequest`. This allows an attacker to respond to `GetProviderValueRequest` messages with forged data, which is then delivered to other clients requesting values for that signal.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.