CVE-2026-2417
published 2026-03-24
CVE-2026-2417: A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware version 2.15.3 could allow an unauthenticated…
Priority: P2 · 76 · critical · CVSS 4.0 base score 9.3
CVSS 4.0 vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.57% (43.0th percentile)
A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware version 2.15.3 could allow an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pharos_controls | mosaic_show_controller | — | — |
Detection & IOCs (extracted from sources)
- Target device: Pharos Controls Mosaic Show Controller running firmware version 2.15.3 is the affected product; detect exploitation attempts against this device by monitoring for unauthenticated requests to privileged/command-execution endpoints.
- Network-reachable attack vector with no privileges or user interaction required (CVSS:3.1/AV:N/AC:L/PR:N/UI:N); monitor for unauthenticated inbound connections to Mosaic Show Controller management interfaces from unexpected sources.
- CWE-306 (Missing Authentication for Critical Function): look for HTTP/TCP requests that reach privileged or command-execution functions on the controller without any authentication headers/tokens.
- No known public exploitation has been reported at time of advisory publication; no specific exploit code, IOCs, or attack tooling were referenced in the available sources.
- Only firmware version 2.15.3 is confirmed affected; version 2.16 and later are the remediated versions. Ensure version fingerprinting is used to scope detection rules appropriately.
GHSA
GHSA-g4m3-7qqq-fgp4 · ghsa_unreviewed · 2026-03-24 · CVE-2026-2417 · [CRITICAL] · CWE-306
A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware version 2.15.3 could allow an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges.
CISA ICS
cisa_ics · 2026-03-24 · CVSS 9.3 · [CRITICAL]
## ICS Advisory: Pharos Controls Mosaic Show Controller
Release Date: March 24, 2026
Alert Code: ICSA-26-083-01
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## Summary
Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary commands with root privileges.
The following versions of Pharos Controls Mosaic Show Controller are affected:
- Mosaic Show Controller Firmware 2.15.3 (CVE-2026-2417)
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 9.8 | Pharos Controls | Pharos Controls Mosaic Show Controller | Missing Authentication for Critical Function |
## Background
- Critical Infrastructure Sectors: Commercial Facilities
- Countries/Areas Deployed: Worldwide
- Company H
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-03-24