CVE-2026-8603 HIGH

CVE-2026-8603: Improper neutralization of special elements used in an OS command ('OS command injection') in ScadaBR

Vendor Scadabr
Product ScadaBR
Weakness CWE-78
Published May 19, 2026
Last update May 19, 2026
View on NVD All CVEs

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system.

Key dates

02Disclosure timeline

May 19, 2026 CVE published
May 19, 2026 Record updated