LeakyCreds
NewInstant webhook alerts now available ā€” notified within seconds of any credential detection.Learn more ā†’
Home / Vulnerability Intelligence / CVE-2026-21410

CVE-2026-21410 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: February 24, 2026

InSAT MasterSCADA BUK-TS - SQL Injection

Published: February 24, 2026Updated: February 24, 2026Remote Exploitable

Overview

InSAT MasterSCADA BUK-TS contains a sql injection caused by unsanitized input in its main web interface, letting remote attackers execute arbitrary code, exploit requires crafted request.

Severity & Score

Severity: Critical
CVSS Score: 9.8
EPSS Score: 16.3%(Probability of exploitation in next 30 days)

Impact

Remote attackers can execute arbitrary code, potentially leading to full system compromise.

Mitigation

Update to the latest version of InSAT MasterSCADA BUK-TS.

References

Social Media Activity(3 posts)

BeyondMachines :verified:
BeyondMachines :verified:
@beyondmachines1
Feb 25, 2026

Critical Vulnerabilities Discovered in InSAT MasterSCADA BUK-TS InSAT MasterSCADA BUK-TS is affected by two critical vulnerabilities, CVE-2026-21410 and CVE-2026-22553, which allow unauthenticated remote code execution via SQL and OS command injection. **Since the vendor has not released a patch, you must assume these systems will be attacked if they are reachable online. Make sure your MasterSCADA BUK-TS is isolated from the internet and accessible only from trusted networks. Then reach out to the vendor for patches. If they don't respond, start planning a replacement.** #cybersecurity #infosec #advisory #vulnerability https://beyondmachines.net/event_details/critical-vulnerabilities-discovered-in-insat-masterscada-buk-ts-d-8-6-3-o/gD2P6Ple2L

View original post
Offensive Sequence
Offensive Sequence
@offseq
Feb 25, 2026

šŸšØ CRITICAL SQL Injection (CVE-2026-21410) affects all InSAT MasterSCADA BUK-TS versions. Unauthenticated RCE possible ā€” industrial ops at risk. Restrict access & monitor until patched. Details: https://radar.offseq.com/threat/cve-2026-21410-cwe-89-in-insat-masterscada-buk-ts-10cd43d6 #OffSeq #ICS #SCADA #Vulnerability

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Feb 24, 2026

šŸ”“ CVE-2026-21410 - Critical (9.8) InSAT MasterSCADA BUK-TS is susceptible to SQL Injection through its main web interface. Malicious users that use the vulnerable endpoint are potentially able to cause remote code execution. šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-21410/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID
CVE-2026-21410
Severity
Critical
CVSS Score
9.8
Type
sql_injection
Status
unconfirmed
EPSS
16.3%
Social Posts
3

CWE

  • CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

16.3%Probability of exploitation in the next 30 days