Weakness in Indian Motorcycle's Infotainment System Allows Unauthenticated Access
CVE-2026-49317

1LOW

Key Information:

Vendor: Indian Motorcycle (polaris Inc.)
Status: Scout Bobber + Tech
Vendor: CVE Published:; 29 May 2026

🔔 Create Indian Motorcycle (polaris Inc.) Vulnerability Alert

What is CVE-2026-49317?

A flaw in the Infotainment system of the Indian Motorcycle Scout Bobber + Tech 2025 allows an attacker on the adjacent network to bypass the PIN entry screen. This vulnerability arises due to the incorrect order of operations during the boot process of the Infotainment system. If the Wireless Control Module (WCM) does not send messages during initialization, the system may skip the PIN authentication step, allowing unauthorized access to features that should be restricted. Attackers can exploit this by employing techniques to silence the WCM, effectively presenting the unlocked user interface without valid authentication.

Affected Version(s)

Scout Bobber + Tech OEM Motorcycle 2025

References

https://cwe.mitre.org/data/definitions/696.html

technical-description

CVSS V4

Score:

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Physical

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 29, 2026
Vulnerability Reserved
May 29, 2026

Credit

Scott Sheahan, Rustic Security LLC

CVE-2026-49317 Data

JSON