JetKVM prior to 0.5.4 does not verify the authenticity of downloaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding SHA256 hash to pass verification.
CVSS Score
7.0
EPSS Score
0.0
Published
2026-03-17
JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess credentials.
CVSS Score
9.3
EPSS Score
0.0
Published
2026-03-17