SQL Injection Vulnerability in InSAT MasterSCADA BUK-TS by CISA
CVE-2026-21410

9.3CRITICAL

Key Information:

Vendor: Insat
Status: Masterscada Buk-ts
Vendor: CVE Published:; 24 February 2026

What is CVE-2026-21410?

InSAT MasterSCADA BUK-TS is vulnerable to SQL Injection via its main web interface, allowing malicious users to exploit this weakness. An attacker could potentially execute arbitrary code on the server, compromising the integrity and availability of the system. It's crucial for users to review their configurations and apply necessary mitigations to safeguard against such attacks.

Affected Version(s)

MasterSCADA BUK-TS All versions

References

https://www.cisa.gov/news-events/ics-advisories/icsa-26-0...

https://github.com/cisagov/CSAF/blob/develop/csaf_files/O...

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 24, 2026
Vulnerability Reserved
Feb 9, 2026

Credit

Adem El Adeb reported these vulnerabilities to CISA.

CVE-2026-21410 Data

JSON

Insat

What is CVE-2026-21410?

Affected Version(s)

References

CVSS V4

Timeline

Credit