Investigations Archives - Private Home Lab

Aqara Cloud OAuth Flaw (CVE-2026-50090): What It Is and Whether You Are Affected

June 18, 2026June 18, 2026 by N. Lee

Aqara hub with smart home security dashboard

CVE-2026-50090 is a CVSS 9.3 OAuth redirect bypass in Aqara’s cloud. If you run Zigbee2MQTT, ZHA, or local HomeKit, you are not in scope. Here is why.

Mijia App Outages Keep Happening — Why Local Setups Don’t Care

June 18, 2026June 17, 2026 by N. Lee

A 16 June Mijia outage broke the app for tens of millions. Here’s why local Home Assistant automations kept running and what determines if yours would too.

Xiaomi Home HA Integration: Cloud vs Local — What Data Does It Send?

June 18, 2026June 15, 2026 by N. Lee

Xiaomi gateway with local and cloud smart home context

What data does the official ha_xiaomi_home integration send to Xiaomi’s cloud? Token storage risks, LAN mode limits, and who true local control works for.

Does Aqara Collect Data in Local Mode? The 2026 Privacy Policy Explained

May 25, 2026April 29, 2026 by N. Lee

Aqara’s March 2026 privacy policy update explicitly addresses local mode data collection. Here’s what it says, what it doesn’t cover, and how to verify it.