CVE-2026-33361
Published: 11 May 2026
Summary
CVE-2026-33361 is a high-severity Inadequate Encryption Strength (CWE-326) vulnerability in Runzero (inferred from references). Its CVSS base score is 7.5 (High).
Operationally, ranked at the 6.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Maintaining currency with technologies and practices reduces selection of encryption mechanisms that provide inadequate strength.
Updated assessments identify when previously adequate encryption strength no longer meets current attack capabilities or compliance drivers.
Establishment procedures require selection and generation of keys with adequate length and strength for the chosen algorithm.
Specifies required cryptography types and parameters, preventing selection of inadequate encryption strength.
Prompt patching corrects inadequate encryption strength when vendors release updates that increase key sizes or algorithm security.
NVD Description
In Meari IoT SDK image handling (libmrplayer.so) as observed in CloudEdge 5.5.0 (build 220), Arenti 1.8.1 (build 220), and related white-label apps (<= 1.8.x), baby monitor ".jpgx3" files use reversible XOR over only the first 1024 bytes with a predictable…
more
key derivation model.
Deeper analysisAI
Automated synthesis unavailable for this CVE.
Details
- CWE(s)