PT-2026-38599 · Maxhub · Maxhub Pivot

Malik Makkes +1 · Published 2026-05-07 · Updated 2026-05-10 · CVE-2026-6411

CVSS v3.1: 7.3 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

MAXHUB Pivot client versions prior to 1.36.2

Description

An issue in the application allows an attacker to obtain encrypted tenant email addresses and related metadata from any tenant. Because a hardcoded AES key (Advanced Encryption Standard, a symmetric encryption algorithm) is present within the application, this encrypted data can be decrypted to reveal email addresses and associated information in cleartext. Additionally, an attacker can cause a denial-of-service condition by enrolling multiple unauthorized devices into a tenant via MQTT (Message Queuing Telemetry Transport, a lightweight messaging protocol), which may disrupt tenant operations.

Recommendations

Update to version 1.36.2 or later.

Fix

DoS

Use of a Broken Cryptographic Algorithm

Weakness Enumeration

Related Identifiers

CVE-2026-6411

Affected Products

Maxhub Pivot