CVE-2026-8603
Published 2026-05-19
CVE-2026-8603: In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system.
Priority: P271 | critical | 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.32% (67.2th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| scadabr | scadabr | — | — |
| scadabr | scadabr | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 8.7 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
VulDB
ScadaBR 1.2.0 os command injection (icsa-26-139-03)
vuldb·2026-05-19·CVSS 8.7
CVE-2026-8603 [HIGH] ScadaBR 1.2.0 os command injection (icsa-26-139-03)
A vulnerability was found in ScadaBR 1.2.0. It has been declared as critical. The impacted element is an unknown function. The manipulation results in os command injection.
This vulnerability is cataloged as CVE-2026-8603. The attack may be launched remotely. There is no exploit available.
GHSA
GHSA-mj8w-xgc5-j265: In ScadaBR version 1
ghsa_unreviewed·2026-05-19
CVE-2026-8603 [HIGH] CWE-78 GHSA-mj8w-xgc5-j265: In ScadaBR version 1
In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.