CVE-2026-33359
HIGH NVDCVSS Score
7.5
Severity
HIGH
Source
NVD
Published
May 11, 2026
Description
In Meari IoT Cloud alert image storage on Alibaba OSS (latest observed; storage service version not disclosed), motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows.