CVE-2026-32683 — Some EZVIZ products utilize older versions of cloud feature

/MEDIUM /CVSS 5.3/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
National Vulnerability Database vulnerabilitycvemedium-severity
CVE-2026-32683 — Some EZVIZ products utilize older versions of cloud feature

CVE-2026-32683 — Some EZVIZ products utilize older versions of cloud feature modules with legacy API interfaces, which pose a data transmission risk. Attackers can exploit this by eavesdropping on network requests to obtain data.Users are advised to upgrade the app to the latest version and enable t

What This Means For You

  • If your environment is affected by this vulnerability type, review your exposure and prioritize patching based on your environment. Monitor vendor advisories for CVE-2026-32683 updates and patches.

Related ATT&CK Techniques

T1041 Exfiltration Over C2 Channel Exfiltration T1020 Automated Exfiltration Exfiltration T1560.001 Archive via Utility Collection

🛡️ Detection Rules

3 rules · 6 SIEM formats

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

high T1020 Collection

EZVIZ Legacy Cloud API Data Eavesdropping — CVE-2026-32683

Sigma YAML — free preview 
title: EZVIZ Legacy Cloud API Data Eavesdropping — CVE-2026-32683
id: scw-2026-05-09-ai-1
status: experimental
level: high
description: |
  Detects potential eavesdropping on EZVIZ products utilizing legacy cloud API interfaces. This rule specifically looks for requests to known legacy API endpoints that could be exploited to obtain sensitive data transmitted over the network, as described in CVE-2026-32683. Attackers can exploit this by intercepting network requests to these endpoints.
author: SCW Feed Engine (AI-generated)
date: 2026-05-09
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-32683/
tags:
  - attack.collection
  - attack.t1020
logsource:
    category: webserver
detection:
  selection:
      cs-uri|contains:
          - '/api/v1/cloud/stream'
          - '/api/v2/cloud/data'
      cs-method:
          - 'GET'
          - 'POST'
      sc-status:
          - '200'
  condition: selection
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World · License & reuse

✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Get rules for your SIEM →

Indicators of Compromise

IDTypeIndicator
CVE-2026-32683 vulnerability CVE-2026-32683

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedMay 09, 2026 at 12:16 UTC

This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.

Believe this infringes your rights? Submit a takedown request.

Related coverage

Hikvision Switches: Authenticated RCE in Discontinued Products

CVE-2026-3828 — Some Hikvision switch products (discontinued since December 2023) are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid...

vulnerabilityCVEhigh-severity
/SCW Vulnerability Desk /HIGH /7.2 /⚑ 3 IOCs /⚙ 3 Sigma

CVE-2026-1749 — Some HikCentral Professional Versions. This Vulnerability

CVE-2026-1749 — There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission.

vulnerabilityCVEmedium-severity
/SCW Vulnerability Desk /MEDIUM /6.8 /⚑ 1 IOC /⚙ 2 Sigma

CVE-2026-42560: Critical Patreon OAuth Flaw Merges User Identities

CVE-2026-42560 — auth provides authentication via oauth2, direct and email. From versions 1.18.0 to before 1.25.2 and 2.0.0 to before 2.1.2, the Patreon OAuth provider...

vulnerabilityCVEcriticalhigh-severitycwe-287
/SCW Vulnerability Desk /CRITICAL /9.1 /⚑ 4 IOCs /⚙ 3 Sigma