CVE-2026-3465 | Tuya App/SDK 24.07.11 on Android JSON Data Point cruise_time denial of service

A vulnerability was found in Tuya App and SDK 24.07.11 on Android. It has been classified as problematic. Affected by this vulnerability is an unknown functionality of the component JSON Data Point Handler. This manipulation of the argument cruise_time causes denial of service.

This vulnerability is registered as CVE-2026-3465. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

There is ongoing doubt regarding the real existence of this vulnerability.

The vendor disagrees with the conclusion of the finding: “The described vulnerability fails to prove its feasibility or exploitability by attackers. The issue essentially does not constitute a security vulnerability, aligning more closely with abnormal product functionality.” These considerations are properly reflected within the CVSS vector.

CVE-2026-3465 | Tuya App/SDK 24.07.11 on Android JSON Data Point cruise_time denial of service

Post correlati

VDB-249767 | Microsoft Windows PowerShell argument injection

CVE-2024-32136 | Xenioushk BWL Advanced FAQ Manager Plugin up to 2.0.3 on WordPress sql injection

CVE-2024-40632 | linkerd up to edge-24.6.1 Service Port 4191 /shutdown server-side request forgery (GHSA-6v94-gj6x-jqj7)

CVE-2023-52802 | Linux Kernel up to 6.1.63/6.5.12/6.6.2 iio stm32_adc_probe null pointer dereference