CVE-2026-7251
Published 2026-05-26
Priority: P267 · critical · 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.50% (38.9th percentile)
Eppendorf BioFlo 320 is vulnerable due to VNC server using a hard-coded password. If a remote attacker knows the network address of any BioFlo 320 model with remote access enabled, they can gain full control of the user interface by using this password. Once connected, the attacker would have full access to all control panel features for the BioFlo 320. VNC traffic is not encrypted.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| eppendorf | bioflo_320 | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 9.3 | CRITICAL | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
GHSA
GHSA-v6xg-wr2p-xrj3: Eppendorf BioFlo 320 is vulnerable due to VNC server using a hard-coded password
ghsa_unreviewed · 2026-05-26
CVE-2026-7251 [CRITICAL] CWE-259 GHSA-v6xg-wr2p-xrj3: Eppendorf BioFlo 320 is vulnerable due to VNC server using a hard-coded password
Eppendorf BioFlo 320 is vulnerable due to VNC server using a hard-coded password. If a remote attacker knows the network address of any BioFlo 320 model with remote access enabled, they can gain full control of the user interface by using this password. Once connected, the attacker would have full access to all control panel features for the BioFlo 320. VNC traffic is not encrypted.
VulDB
Eppendorf BioFlo 320 hard-coded password (EUVD-2026-31912)
vuldb · 2026-05-26 · CVSS 9.3
CVE-2026-7251 [CRITICAL] Eppendorf BioFlo 320 hard-coded password (EUVD-2026-31912)
A vulnerability marked as very critical has been reported in Eppendorf BioFlo 320. This vulnerability affects unknown code. Performing a manipulation results in use of hard-coded password.
This vulnerability is known as CVE-2026-7251. Remote exploitation of the attack is possible. No exploit is available.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.