CVE-2026-8046 HIGH

CVE-2026-8046: Incorrect Authorization in CODESYS Control

Vendor Codesys
Product CODESYS Control RTE (SL)
Weakness CWE-863 · Incorrect authorization
Published May 26, 2026
Last update May 26, 2026
View on NVD All CVEs

CVSS base score

7.2/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges.

Key dates

02Disclosure timeline

May 26, 2026 CVE published
May 26, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-14943 Blog2Social: Social Media Auto Post & Scheduler <= 8.7.2 - Incorrect Authorization to Authenticated (Subscriber+) Sensitive Information Exposure CVE-2025-40670 Incorrect Authorization vulnerability in TCMAN GIM CVE-2026-26973 Discourse doesn't scope reviewable notes to user-visible reviewables CVE-2026-3660 IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to Authentication Bypass CVE-2025-3645 Moodle: idor in messaging web service allows access to some user details