CVE-2026-8153

Published May 8, 2026

Last updated a month ago

CVSS critical 9.8
OT

Overview

Description
OS command injection in Dashboard Server interface in Universal Robots PolyScope versions prior to 5.25.1 allows unauthenticated attacker to craft commands that will execute code on the robot's OS.
Source
1b7e193f-2525-49a1-b171-84af8827c9eb
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

1b7e193f-2525-49a1-b171-84af8827c9eb
CWE-78

Social media

Hype score
Not currently trending

  1. 🚨 Critical flaw in industrial robots could enable remote takeover 🤖⚠️ CVE-2026-8153 lets attackers execute commands on Universal Robots controllers 🔥 Flat OT networks raise fleet-wide compromise risk 👇 #aiz_cyber #CVE #ZeroDay #PatchNow https://t.co/2SAfTgnjuM

    @Aiz_Cyber

    20 May 2026

    48 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

Related CVEs

  1. Nx Console Embedded Malicious Code VulnerabilityCVE-2026-48027
  2. Microsoft Defender Link Following VulnerabilityCVE-2026-41091
  3. In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnerability could allow an unauthenticated attacker to send a HTTP GET requests to the SCADA system and inject arbitrary sensor readings.CVE-2026-8602
  4. In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system.CVE-2026-8603
  5. Daemon Tools Lite Embedded Malicious Code VulnerabilityCVE-2026-8398

References

Sources include official advisories and independent security research.