1. LAN Hijack Vulnerability in Discovery Pairing: Attacker Could Steal Admin Secrets via Forged Requests
A critical security flaw in a discovery pairing mechanism allowed an attacker on the same local network to hijack pending requests and redirect sensitive shared secrets to a malicious endpoint. The vulnerability, classified as a P1-level issue, resided in the `createPairRequest()` function, which deduplicated pending r...