Security Flaw in Indian Motorcycle Scout Bobber + Tech 2025 Wireless Control Module
CVE-2026-49316

4.1MEDIUM

Key Information:

Vendor: Indian Motorcycle (polaris Inc.)
Status: Scout Bobber + Tech
Vendor: CVE Published:; 29 May 2026

🔔 Create Indian Motorcycle (polaris Inc.) Vulnerability Alert

What is CVE-2026-49316?

A security vulnerability in the Indian Motorcycle Scout Bobber + Tech 2025's in-vehicle network allows an attacker on an adjacent network to exploit the Wireless Control Module (WCM). The flaw enables the attacker to force the WCM into a bus-off state through a known CAN error-frame injection technique. Consequently, this disruption prevents the WCM from sending crucial shutdown commands, misleading other vehicle components that continue their operations without recognizing a security breach. This oversight opens pathways for unauthorized motorcycle use, compromising the vehicle's anti-theft measures.

Affected Version(s)

Scout Bobber + Tech OEM Motorcycle 2025

References

https://cwe.mitre.org/data/definitions/440.html

technical-description

CVSS V4

Score:

4.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 29, 2026
Vulnerability Reserved
May 29, 2026

Credit

Scott Sheahan, Rustic Security LLC

CVE-2026-49316 Data

JSON