CVE-2026-33359

Name of the Vulnerable Software and Affected Versions Meari IoT Cloud (affected versions not specified)

Description Motion snapshots stored on Alibaba OSS are retrievable without authentication, signed URLs, or expiry enforcement. The system uploads JPEG images to the storage service when motion is detected and broadcasts the URL via the MQTT stream. These URLs act as direct object references and remain valid indefinitely, allowing anyone to access the images.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.