CVE-2026-8153 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: May 8, 2026
Universal Robots PolyScope - Command Injection
Published: May 8, 2026Updated: May 8, 2026Remote Exploitable
Overview
Universal Robots PolyScope < 5.21.1 contains an OS command injection caused by improper input sanitization in the Dashboard Server interface, letting unauthenticated attackers execute arbitrary OS commands remotely, exploit requires no authentication.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
Unauthenticated attackers can execute arbitrary OS commands on the robot, potentially taking full control of the system.
Mitigation
Update to version 5.21.1 or later.
Related Resources
Details
- CVE ID
- CVE-2026-8153
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- command_injection
- Status
- unconfirmed
CWE
- CWE-78
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H