CVE-2026-32294 — MEDIUM (4.7)

Q: How severe is CVE-2026-32294?

CVE-2026-32294 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-32294?

Check the references section above for vendor advisories and patch information. Affected products include: Jetkvm Kvm.

Vulnerability Description

JetKVM prior to 0.5.4 does not verify the authenticity of downloaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding SHA256 hash to pass verification.

CVSS Score

4.7

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Jetkvm	Kvm	<= 0.5.3

Related Weaknesses (CWE)

CWE-347 CWE-345

References

https://eclypsium.com/blog/kvm-devices-the-keys-to-your-kingdom-are-hanging-on-tThird Party Advisory
https://github.com/jetkvm/kvm/releases/tag/release%2F0.5.4Release Notes
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/Broken Link
https://www.cve.org/CVERecord?id=CVE-2026-32294Third Party Advisory

FAQ

What is CVE-2026-32294?

CVE-2026-32294 is a vulnerability with a CVSS score of 4.7 (MEDIUM). JetKVM prior to 0.5.4 does not verify the authenticity of downloaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding SHA256 has...

How severe is CVE-2026-32294?

CVE-2026-32294 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-32294?

Check the references section above for vendor advisories and patch information. Affected products include: Jetkvm Kvm.