CVE-2026-7251 CRITICAL

CVE-2026-7251: Eppendorf BioFlo 320 Use of hard-coded password

Vendor Eppendorf
Product BioFlo 320
Weakness CWE-259
Published May 26, 2026
Last update June 4, 2026

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

Eppendorf BioFlo 320 is vulnerable because its VNC server uses a hard-coded password. A remote attacker who knows the network address of any BioFlo 320 model with remote access enabled can use this password to gain full control of the user interface. Once connected, the attacker has full access to all control panel features of the BioFlo 320. VNC traffic is not encrypted.

Key dates

02 Disclosure timeline

May 26, 2026 CVE published
June 4, 2026 Record updated