Shark RV2320EDUS / AV1102ARUS cross-model AWS IoT Exec_Command RCE flaw
Vulnerability
Summary
Hide ▲
Show ▼
A SharkNinja vacuum certificate flaw now enables root command execution on other Shark vacuums in the same AWS region, exposing camera feeds, house maps, and plaintext Wi‑Fi passwords. The issue affects Shark RV2320EDUS-based certificates and can be used against devices such as AV1102ARUS when their cloud shadow handler accepts Exec_Command updates.
Related Happenings
AWS Device Defender overly permissive IoT policy remediation
Advisory/Mitigation
H score66
First: 16.07.2026 12:23
Last: 16.07.2026 12:23
Sources 1
How related:
Per AWS's remediation guidance, a non-compliant policy is replaced by pushing a scoped version with CreatePolicyVersion and the setAsDefault flag, which makes that version operative for every certificate using the policy.
About this happening:
AWS's IOT_POLICY_OVERLY_PERMISSIVE_CHECK directs operators to replace broad IoT policies with device-scoped versions, closing a path that can let a compromised certificate...
AWS Device Defender overly permissive IoT policy remediation
Advisory/MitigationHow related: Per AWS's remediation guidance, a non-compliant policy is replaced by pushing a scoped version with CreatePolicyVersion and the setAsDefault flag, which makes that version operative for every certificate using the policy.
About this happening: AWS's IOT_POLICY_OVERLY_PERMISSIVE_CHECK directs operators to replace broad IoT policies with device-scoped versions, closing a path that can let a compromised certificate...
OpenClaw command-injection, path-traversal, and link-following flaws (multiple vulnerabilities)
Vulnerability
H score33
First: 10.07.2026 17:19
Last: 10.07.2026 17:19
Sources 1
About this happening:
OpenClaw now has three patched high-severity vulnerabilities that can lead to credential theft, privilege escalation, and arbitrary code execution on the host....
OpenClaw command-injection, path-traversal, and link-following flaws (multiple vulnerabilities)
VulnerabilityAbout this happening: OpenClaw now has three patched high-severity vulnerabilities that can lead to credential theft, privilege escalation, and arbitrary code execution on the host....
Amazon Q Developer MCP trust flaw (CVE-2026-12957)
Vulnerability
H score32
First: 26.06.2026 16:53
Last: 26.06.2026 16:53
Sources 1
About this happening:
Amazon Q Developer had a high-severity trust-boundary flaw in MCP server handling that could let a malicious repository trigger commands on a developer machine and ste...
Amazon Q Developer MCP trust flaw (CVE-2026-12957)
VulnerabilityAbout this happening: Amazon Q Developer had a high-severity trust-boundary flaw in MCP server handling that could let a malicious repository trigger commands on a developer machine and ste...
Aqua Security hit by data theft breach
Incident
H score37
First: 20.03.2026 19:47
Last: 20.03.2026 19:47
Sources 1
About this happening:
The Aqua Security Trivy incident involved a supply-chain compromise that delivered a credential-stealing infostealer through trusted releases and GitHub Actions. A...
Aqua Security hit by data theft breach
IncidentAbout this happening: The Aqua Security Trivy incident involved a supply-chain compromise that delivered a credential-stealing infostealer through trusted releases and GitHub Actions. A...
Latest development: 23.03.2026 10:31
TeamPCP broadened the Trivy supply-chain compromise by pushing trojanized Docker Hub images for Trivy 0.69.4, 0.69.5, and 0.69.6 on March 22, 2026, then defacing all 44 internal repositories in Aqua Security's aquasec-com GitHub organization by renaming them with the tpcp-docs- prefix, setting descriptions to "TeamPCP Owns Aqua Security," and exposing them publicly.
GNU InetUtils telnetd pre-auth buffer overflow (CVE-2026-32746)
Vulnerability
H score39
First: 18.03.2026 07:06
Last: 18.03.2026 07:06
Sources 1
About this happening:
A critical CVE-2026-32746 flaw in GNU InetUtils telnetd lets an unauthenticated attacker trigger remote code execution as root over port 23, exposing internet-...
GNU InetUtils telnetd pre-auth buffer overflow (CVE-2026-32746)
VulnerabilityAbout this happening: A critical CVE-2026-32746 flaw in GNU InetUtils telnetd lets an unauthenticated attacker trigger remote code execution as root over port 23, exposing internet-...
Timeline
-
16.07.2026 12:23 1 articles · 2h ago
Tokay0 sends SharkNinja disclosure details for the vacuum certificate flaw
Initial DisclosureTokay0 sends SharkNinja the disclosure details for a Shark RV2320EDUS certificate-reuse flaw that can let a stolen certificate publish shadow updates to other Shark vacuums in the same AWS region and run root commands that expose camera feeds, house maps, and plaintext Wi-Fi passwords.
Show sources
- Unpatched Shark Vacuum Flaw Could Let Attackers Control Other Vacuums Region-Wide — thehackernews.com — 16.07.2026 12:23
-
16.07.2026 12:23 1 articles · 2h ago
SharkNinja says the vacuum certificate flaw report is under review
Untyped PhaseSharkNinja tells tokay0 that the Shark vacuum certificate flaw report is under review after receiving the disclosure details.
Show sources
- Unpatched Shark Vacuum Flaw Could Let Attackers Control Other Vacuums Region-Wide — thehackernews.com — 16.07.2026 12:23
-
16.07.2026 12:23 1 articles · 2h ago
Tokay0 asks MITRE for a CVE ID for the Shark vacuum flaw
Untyped PhaseTokay0 asks MITRE's CNA of last resort for a CVE ID for the Shark vacuum vulnerability.
Show sources
- Unpatched Shark Vacuum Flaw Could Let Attackers Control Other Vacuums Region-Wide — thehackernews.com — 16.07.2026 12:23
-
16.07.2026 12:23 1 articles · 2h ago
SharkNinja promises a confirmed completion date for the vacuum flaw
Untyped PhaseSharkNinja tells tokay0 it will send a confirmed completion date by July 10, but no email arrives.
Show sources
- Unpatched Shark Vacuum Flaw Could Let Attackers Control Other Vacuums Region-Wide — thehackernews.com — 16.07.2026 12:23
-
16.07.2026 12:23 2 articles · 2h ago
Stolen Shark vacuum certificates enable root commands across the same AWS region
Technical Analysis UpdateTokay0 publishes the flaw affecting Shark RV2320EDUS and related Shark vacuums, showing that a certificate from one robot can be reused against Shark's AWS IoT cloud broker to land a reverse shell on an AV1102ARUS, view the onboard camera, drive the robot, and recover the Wi-Fi password in plaintext.
Show sources
- Unpatched Shark Vacuum Flaw Could Let Attackers Control Other Vacuums Region-Wide — thehackernews.com — 16.07.2026 12:23
- Unpatched Shark Vacuum Flaw Could Let Attackers Control Other Vacuums Region-Wide — thehackernews.com — 16.07.2026 12:23