VYPR

Kuksa.val.v2

by Eclipse

Source repositories

CVEs (1)

  • CVE-2026-6272HigApr 24, 2026
    risk 0.55cvss epss 0.00

    A client holding only a read JWT scope can still register itself as a signal provider through the production kuksa.val.v2 OpenProviderStream API by sending ProvideSignalRequest. 1. Obtain any valid token with only read scope. 2. Connect to the normal production gRPC API…