Unauthorized Remote Access Vulnerability in Linux-Based Systems by Vendor

CVE-2026-3587

What is CVE-2026-3587?

CVE-2026-3587 is a significant vulnerability discovered in devices utilizing Linux-based systems produced by Wago. This vulnerability specifically allows an unauthenticated remote attacker to exploit a hidden function within the Command Line Interface (CLI) prompt, enabling the attacker to escape from the restricted interface of the device. This capability can lead to the full compromise of the affected device, putting it at risk of unauthorized access and control. Organizations relying on Wago’s products for automation and control processes face severe risks if this vulnerability is exploited, as it could disrupt operations, lead to data loss, and potentially facilitate further malicious activities within their network environment.

Potential impact of CVE-2026-3587

1. Full Device Compromise: The vulnerability allows attackers to gain unauthorized access to the full system, leading to a complete compromise of the device. This could enable them to manipulate system configurations, extract sensitive data, or disrupt operations.

2. Operational Disruption: Exploitation of this vulnerability may result in significant downtime or disruption of critical industrial processes and automation systems, hindering the operational capabilities of organizations that utilize these devices.

3. Increased Attack Surface: With the potential for full compromise, attackers could use the affected devices as entry points to expand their attacks across the network, increasing the risk of further breaches and expanding the scope of impact within an organization's IT infrastructure.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References