| Vendor | Product | CVE | Vulnerability | CVSS 3.1 | Patch Status |
|---|---|---|---|---|---|
| GL-iNet | Comet RM-1 | CVE-2026-32290 | GL-iNet Comet KVM insufficient verification of firmware authenticity | 4.2 | Fix being planned. |
| GL-iNet | Comet RM-1 | CVE-2026-32291 | GL-iNet Comet KVM UART root access | 7.6 | Fix being planned. |
| GL-iNet | Comet RM-1 | CVE-2026-32292 | GL-iNet Comet KVM insufficient brute-force protection | 5.3 | Fixed in v1.8.1 BETA |
| GL-iNet | Comet RM-1 | CVE-2026-32293 | GL-iNet Comet KVM Insecure Initial Provisioning via Unauthenticated Cloud Connection | 3.1 | Fixed in v1.8.1 BETA |
| Angeet/Yeeso | ES3 KVM | CVE-2026-32297 | Angeet ES3 KVM unauthenticated file | 9.8 | No fix available |
| Angeet/Yeeso | ES3 KVM | CVE-2026-32298 | Angeet ES3 KVM OS command injection | 8.8 | No fix available |
| Sipeed | NanoKVM | CVE-2026-32296 | Sipeed NanoKVM configuration endpoint exposure | 5.4 | Fixed in NanoKVM v2.3.1 and NanoKVM Pro 1.2.4 |
| JetKVM | JetKVM | CVE-2026-32294 | JetKVM insufficient update verification | 6.7 | Fixed in version 0.5.4 |
| JetKVM | JetKVM | CVE-2026-32295 | JetKVM insufficient rate limiting | 7.3 | Fixed in version 0.5.4 |
As the table above shows, some of the devices are being fixed. As of Tuesday, however, the most severe vulnerabilities—found in IP KVMs made by Angeet/Yeeso—aren’t.
Device vulnerabilities are only one type of risk posed by such devices. Threats are also posed because it’s easy to intentionally or unintentionally deploy them in ways that leave an entire network vulnerable. HD Moore, a security expert and the founder and CEO of runZero, performed an Internet scan on Monday that found a little more than 1,300 such devices, up from about 1,000 he found last June.
Moore has long warned about the risks posed by baseboard management controllers (BMCs), the motherboard-attached microcontrollers that allow admins to remotely access entire fleets of servers. He said IP KVMs can similarly expose networks.
“The core issue is that if the KVM is compromised, it’s often easy to take over whatever system the KVM is attached to, even if that system is otherwise secure from network attacks,” Moore said in an interview. “Similar to BMCs, any flaw on the out-of-band side undercuts the existing security measures. The specific bugs vary, but the end result is access to a server that someone thinks is important enough to warrant remote management.”
Both runZero and Eclypsium recommend admins scan their networks to identify any overlooked IP KVMs. Eclypsium has made scanning tools available here. Both say that the devices should be secured with a strong password and the use of a reputable VPN. Both WireGuard and Tailscale provide easy integration.
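As an added example (written for this page, not code from the article, runZero, Eclypsium or any of the vendors named), the script below turns the advisory table into data and checks an asset inventory against it, the follow-up step once a network scan has turned up the IP KVMs an admin owns. It flags hosts running firmware older than the fixed version and hosts whose device has no fix at all, sorted by CVSS so the unpatched Angeet/Yeeso units land at the top. The CVE numbers, CVSS scores and fixed versions come from the table above; the host names and firmware versions in the inventory are constructed.

```python
"""Triage an IP KVM inventory against the advisory table (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Advisory:
    vendor: str
    product: str
    cve: str
    cvss: float
    fixed_in: Optional[str]  # first fixed firmware version; None if no fix yet


# Advisory data transcribed from the table above. The Sipeed row lists two
# fixed versions (NanoKVM 2.3.1, NanoKVM Pro 1.2.4), so it becomes two entries.
ADVISORIES = [
    Advisory("GL-iNet", "Comet RM-1", "CVE-2026-32290", 4.2, None),
    Advisory("GL-iNet", "Comet RM-1", "CVE-2026-32291", 7.6, None),
    Advisory("GL-iNet", "Comet RM-1", "CVE-2026-32292", 5.3, "1.8.1"),
    Advisory("GL-iNet", "Comet RM-1", "CVE-2026-32293", 3.1, "1.8.1"),
    Advisory("Angeet/Yeeso", "ES3 KVM", "CVE-2026-32297", 9.8, None),
    Advisory("Angeet/Yeeso", "ES3 KVM", "CVE-2026-32298", 8.8, None),
    Advisory("Sipeed", "NanoKVM", "CVE-2026-32296", 5.4, "2.3.1"),
    Advisory("Sipeed", "NanoKVM Pro", "CVE-2026-32296", 5.4, "1.2.4"),
    Advisory("JetKVM", "JetKVM", "CVE-2026-32294", 6.7, "0.5.4"),
    Advisory("JetKVM", "JetKVM", "CVE-2026-32295", 7.3, "0.5.4"),
]

# Constructed inventory: (hostname, vendor, product, firmware as reported by
# the device). Hostnames and firmware versions are made up for the example.
SAMPLE_INVENTORY = [
    ("kvm-rack1", "JetKVM", "JetKVM", "0.5.2"),
    ("kvm-rack2", "JetKVM", "JetKVM", "0.5.4"),
    ("kvm-lab", "Angeet/Yeeso", "ES3 KVM", "1.0"),
    ("kvm-gl", "GL-iNet", "Comet RM-1", "v1.7.0"),
    ("kvm-nano", "Sipeed", "NanoKVM", "v2.3.1"),
]


def parse_version(text: str) -> Tuple[int, ...]:
    """Extract the dotted numeric version, e.g. 'v1.8.1 BETA' -> (1, 8, 1).

    Tuples compare element-wise, so (1, 7, 0) < (1, 8, 1) as intended.
    """
    match = re.search(r"(\d+(?:\.\d+)*)", text)
    if not match:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def triage(inventory, advisories=ADVISORIES) -> List[Tuple[str, str, float, str]]:
    """Return (host, cve, cvss, action) for every unresolved advisory, worst first."""
    findings = []
    for host, vendor, product, firmware in inventory:
        for adv in advisories:
            if (adv.vendor, adv.product) != (vendor, product):
                continue
            if adv.fixed_in is None:
                # Nothing to upgrade to: the only controls are network ones.
                action = "no fix available: restrict to VPN, strong password, monitor"
            elif parse_version(firmware) < parse_version(adv.fixed_in):
                action = f"upgrade firmware to {adv.fixed_in}"
            else:
                continue  # already on fixed firmware
            findings.append((host, adv.cve, adv.cvss, action))
    findings.sort(key=lambda f: f[2], reverse=True)
    return findings


if __name__ == "__main__":
    for host, cve, cvss, action in triage(SAMPLE_INVENTORY):
        print(f"{cvss:4.1f}  {host:10s} {cve}  {action}")
```

The version parser deliberately ignores suffixes such as "BETA", so a device reporting "v1.8.1 BETA" is treated as carrying the fix the table attributes to that build; if a vendor later ships a differently numbered stable release, the `fixed_in` field is the single place to update.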
