CVE-2026-28205
Published 2026-04-09
Priority P263 | critical | 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.45% (35.9th percentile)
OpenPLC_V3 is vulnerable to an Initialization of a Resource with an Insecure Default vulnerability which could allow an attacker to gain access to the system by bypassing authentication via an API.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openplc_v3 | openplc_v3 | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 9.2 | CRITICAL | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
VulDB
OpenPLC v3 API insecure default initialization of resource (icsa-25-345-10)
vuldb·2026-04-09·CVSS 9.2
CVE-2026-28205 [CRITICAL] OpenPLC v3 API insecure default initialization of resource (icsa-25-345-10)
A vulnerability was found in OpenPLC v3. It has been rated as very critical. This issue affects some unknown processing of the component API. The manipulation leads to insecure default initialization of resource.
This vulnerability is uniquely identified as CVE-2026-28205. The attack can be carried out remotely. No exploit exists.
GHSA
GHSA-3r9q-7hff-7fm4: OpenPLC_V3 is vulnerable to an Initialization of a Resource with an Insecure Default vulnerability which could allow an attacker to gain access to the
ghsa_unreviewed·2026-04-09
CVE-2026-28205 [CRITICAL] CWE-1188 GHSA-3r9q-7hff-7fm4: OpenPLC_V3 is vulnerable to an Initialization of a Resource with an Insecure Default vulnerability which could allow an attacker to gain access to the
OpenPLC_V3 is vulnerable to an Initialization of a Resource with an Insecure Default vulnerability which could allow an attacker to gain access to the system by bypassing authentication via an API.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-04-09