Port Binding Vulnerability in Automated Logic's WebCTRL System
CVE-2026-25086

7.7HIGH

Key Information:

Vendor: Automated Logic
Status: Webctrl Premium Server
Vendor: CVE Published:; 20 March 2026

🔔 Create Automated Logic Vulnerability Alert

What is CVE-2026-25086?

A vulnerability has been identified in Automated Logic's WebCTRL system where, under specific conditions, an attacker can bind to the same port utilized by WebCTRL. This flaw could enable the attacker to craft and dispatch malicious packets, allowing them to impersonate the WebCTRL service without needing to inject code into the software. This poses significant risks to the integrity of operations reliant on WebCTRL, as it may lead to unauthorized access and manipulation of the system.

Affected Version(s)

WebCTRL Premium Server 0

References

https://www.automatedlogic.com/en/company/security-commit...

https://www.cisa.gov/news-events/ics-advisories/icsa-26-0...

https://github.com/cisagov/CSAF/blob/develop/csaf_files/O...

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 20, 2026
Vulnerability Reserved
Mar 12, 2026

Credit

Jonathan Lee, Thuy D. Nguyen, and Neil C. Rowe of the Naval Postgraduate School reported this vulnerability to CISA.

CVE-2026-25086 Data

JSON