Home / Vulnerability Intelligence / CVE-2026-4436

CVE-2026-4436 - Vulnerability Analysis

HighCVSS: 8.6

Last Updated: April 9, 2026

Generic Product - Broken Access Control

Published: April 9, 2026Updated: April 9, 2026Remote Exploitable

Overview

A product contains a broken access control vulnerability caused by lack of proper validation of Modbus packets, letting low-privileged remote attackers manipulate odorant injection register values, exploit requires network access.

Severity & Score

Severity: High

CVSS Score: 8.6

Impact

Attackers can manipulate odorant injection levels, potentially causing safety hazards or operational disruptions.

Mitigation

Update to the latest version or apply vendor patches addressing Modbus packet validation.

References

https://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm
https://www.cisa.gov/news-events/ics-advisories/icsa-26-099-02
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-099-02.json

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-4436
Severity: High
CVSS Score: 8.6
Type: broken_access_control
Status: new

CWE

CWE-306

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N