CVE-2026-28205 CRITICAL

CVE-2026-28205: Initialization of a resource with an insecure default in OpenPLC_V3

Vendor Openplc_V3
Product OpenPLC_V3
Weakness CWE-1188
Published April 9, 2026
Last update April 10, 2026

CVSS base score

9.2/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H

What the vulnerability does

01Description

OpenPLC_V3 is vulnerable to an Initialization of a Resource with an Insecure Default vulnerability which could allow an attacker to gain access to the system by bypassing authentication via an API.

Key dates

02Disclosure timeline

April 9, 2026 CVE published
April 10, 2026 Record updated