{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3588", "assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "state": "PUBLISHED", "assignerShortName": "Nozomi", "dateReserved": "2026-03-05T09:45:23.765Z", "datePublished": "2026-03-09T15:41:21.062Z", "dateUpdated": "2026-03-09T16:46:56.548Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "shortName": "Nozomi", "dateUpdated": "2026-03-09T15:41:21.062Z"}, "title": "Server-Side Request Forgery (SSRF) in ikea dirigera", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-664", "descriptions": [{"lang": "en", "value": "CAPEC-664 Server Side Request Forgery"}]}], "affected": [{"vendor": "ikea", "product": "dirigera", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "2.866.4", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "A server-side request forgery (SSRF) vulnerability in IKEA Dirigera v2.866.4 allows an attacker to exfiltrate private keys by sending a crafted request.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A server-side request forgery (SSRF) vulnerability in IKEA Dirigera v2.866.4 allows an attacker to exfiltrate private keys by sending a crafted request.<br>"}]}], "references": [{"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2026-3588", "tags": ["third-party-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseSeverity": "HIGH", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}, "credits": [{"lang": "en", "value": "Luca Borzacchiello at Nozomi Networks", "type": "finder"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-09T16:46:48.990061Z", "id": "CVE-2026-3588", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-09T16:46:56.548Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3588", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-09T16:46:48.990061Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-09T16:46:53.865Z"}}], "cna": {"title": "Server-Side Request Forgery (SSRF) in ikea dirigera", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Luca Borzacchiello at Nozomi Networks"}], "impacts": [{"capecId": "CAPEC-664", "descriptions": [{"lang": "en", "value": "CAPEC-664 Server Side Request Forgery"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ikea", "product": "dirigera", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.866.4"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2026-3588", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "A server-side request forgery (SSRF) vulnerability in IKEA Dirigera v2.866.4 allows an attacker to exfiltrate private keys by sending a crafted request.", "supportingMedia": [{"type": "text/html", "value": "A server-side request forgery (SSRF) vulnerability in IKEA Dirigera v2.866.4 allows an attacker to exfiltrate private keys by sending a crafted request.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "shortName": "Nozomi", "dateUpdated": "2026-03-09T15:41:21.062Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3588", "state": "PUBLISHED", "dateUpdated": "2026-03-09T16:46:56.548Z", "dateReserved": "2026-03-05T09:45:23.765Z", "assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "datePublished": "2026-03-09T15:41:21.062Z", "assignerShortName": "Nozomi"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ikea:dirigera_firmware:2.866.4:*:*:*:*:*:*:*", "matchCriteriaId": "2F7A5B83-2510-4DED-B1F0-E902F89B1E4E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ikea:dirigera:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF51C155-288A-4E35-9911-1D3604AF2A12", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A server-side request forgery (SSRF) vulnerability in IKEA Dirigera v2.866.4 allows an attacker to exfiltrate private keys by sending a crafted request."}, {"lang": "es", "value": "Una vulnerabilidad de falsificaci\u00f3n de petici\u00f3n del lado del servidor (SSRF) en IKEA Dirigera v2.866.4 permite a un atacante exfiltrar claves privadas enviando una petici\u00f3n manipulada."}], "id": "CVE-2026-3588", "lastModified": "2026-05-06T14:22:34.300", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 5.3, "source": "prodsec@nozominetworks.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-09T16:16:21.343", "references": [{"source": "prodsec@nozominetworks.com", "tags": ["Third Party Advisory"], "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2026-3588"}], "sourceIdentifier": "prodsec@nozominetworks.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "prodsec@nozominetworks.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2.866.4]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "dirigera", "source": "cna", "vendor": "ikea"}, "product": "dirigera", "vendor": "ikea"}], "analysis": {"en": {"generated_at": "2026-04-16T10:13:53.780865+00:00", "value": {"mitigation_remediation": ["Upgrade the IKEA Dirigera firmware to the latest available version that contains the SSRF fix.", "Restrict outgoing network traffic from the device, blocking access to internal IP ranges or ports used for key storage or management.", "Implement request validation on the device or proxy layer to allow only trusted destinations, effectively preventing the resolution of arbitrary URLs."], "summary": {"action": "Apply Patch", "impact": "Server-side request forgery that can lead to exfiltration of private keys."}, "threat_synthesis": {"affected_systems": "The vulnerability affects the IKEA Dirigera Smart Home platform, specifically version 2.866.4. No other versions or related products are listed as affected in the available data.", "description_and_impact": "A server-side request forgery flaw exists in IKEA Dirigera version 2.866.4, allowing an attacker to send crafted requests that the device will resolve and forward to arbitrary URLs. The vulnerability can be leveraged to reach internal resources and exfiltrate sensitive material such as private cryptographic keys. The weakness is classified as CWE\u2011918 and carries a CVSS score of 7.5, indicating a high impact if exploited.", "risk_and_exploitability": "The CVSS score suggests significant potential damage, though the EPSS score of less than 1% indicates a low estimated likelihood of exploitation at present. The vulnerability has not been cataloged in the CISA Known Exploited Vulnerabilities list. Attackers would need to place a forged request on the device, which is likely to be possible when the device is exposed to untrusted input sources such as public networks or mobile apps. No public exploit has been reported yet, but the path to exfiltrating private keys is clear once the flaw is triggered."}}}}, "created": "2026-03-10T14:07:19.043931+00:00", "updated": "2026-04-16T10:15:26.115284+00:00", "vendors": ["ikea", "ikea$PRODUCT$dirigera"]}