Improper Verification of Cryptographic Signature in CubeSpace Reaction Wheel Firmware
CVE-2026-13743

3.3LOW

Key Information:

Vendor

Cubespace

Vendor
CVE Published:
2 July 2026

What is CVE-2026-13743?

The CubeSpace CW0057 Reaction Wheel firmware versions prior to 5.0.20 possess a vulnerability that enables an attacker with physical access to upload malicious firmware without authentication. This flaw in the cryptographic signature verification process could allow unauthorized modifications to the device, potentially compromising its integrity and functionality. It is essential for users to update to the latest firmware version to mitigate this security risk.

Affected Version(s)

CW0057 Reaction Wheel 0 < 5.0.20

References

CVSS V4

Score:
3.3
Severity:
LOW
Confidentiality:
None
Integrity:
High
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Anthony Rose reported this vulnerability to CISA.
.