openremote — Vulnerabilities & Security Advisories 3

All 3 CVE vulnerabilities found in openremote, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-40882	OpenRemote has XXE in Velbus Asset Import CWE-611	7.6	High	2026-04-22
CVE-2026-41166	OpenRemote has Improper Access Control via updateUserRealmRoles function CWE-284	7.0	High	2026-04-22
CVE-2026-39842	OpenRemote is Vulnerable to Expression Injection CWE-94	10.0	Critical	2026-04-14

All 3 known CVE vulnerabilities affecting openremote with full Chinese analysis, references, and POCs where available.