← Advisories

JUNG Smart Visu Server 1.1.1050 Remote Server Shutdown

High

Advisory ID

ZSL-2026-5971

Release Date

12 February 2026

Vendor

ALBRECHT JUNG GMBH & CO. KG - https://www.jung-group.com, https://www.jung.de

Affected Version

1.1.1050

CVE

CVE-2026-26235

Tested On

Jetty(9.2.12.v20150709)

Summary

The Smart Visu Server makes your intelligent building control convenient. With the user-friendly operating concept, you can control both the KNX system and other systems such as Philips Hue or Sonos on your mobile devices. You can likewise connect voice control to your KNX system with Amazon Alexa or Google Assistant via the Smart Visu Server.

Description

The device is suffering from a Denial of Service (DoS). An unauthenticated attacker can reboot or shutdown the server by sending one POST request.

Proof of Concept

jung_dos.txtTXT

Disclosure Timeline

07.02.2026Vulnerability discovered.

07.02.2026Vendor contacted.

11.02.2026No response from the vendor.

12.02.2026Public security advisory released.

Credits

Vulnerability discovered by Gjoko Krstic

References

[1]https://www.cve.org/CVERecord?id=CVE-2026-26235

[2]https://www.vulncheck.com/advisories/jung-smart-visu-server-jung-smart-visu-server-missing-authentication

[3]https://packetstorm.news/files/id/215521/

Changelog

12.02.2026Initial release

13.02.2026Added reference [3]