CVE-2026-41446

Daily digests

Snap One WattBox 800 and 820 series power distribution units have hidden diagnostic HTTP endpoints that "authenticate" using only the device's MAC address and service tag. Both values are printed on the physical label. Anyone who can read the sticker (or a photo of it) gets root command execution on the device. CVSS 9.8.

• Daily Digest · Apr 29, 2026

  Chrome sandbox escape + 4 critical 9.8s