Bypass Vulnerability in Infotainment System of Indian Motorcycle Scout Bobber + Tech 2025
CVE-2026-49318

1LOW

Key Information:

Vendor: Indian Motorcycle (polaris Inc.)
Status: Scout Bobber + Tech
Vendor: CVE Published:; 29 May 2026

🔔 Create Indian Motorcycle (polaris Inc.) Vulnerability Alert

What is CVE-2026-49318?

The Infotainment system in the Indian Motorcycle Scout Bobber + Tech 2025 model exhibits a flaw that allows an adjacent-network attacker to bypass the PIN entry screen. This vulnerability arises from incorrect handling of the Wireless Control Module (WCM) traffic during the system's boot process. When the WCM messages are absent, the system erroneously skips the PIN prompt, granting unauthorized access to the user interface. Attackers can exploit this by employing tactics like the CAN bus-off technique to silence the WCM, effectively allowing them to access the Infotainment system without entering a PIN.

Affected Version(s)

Scout Bobber + Tech OEM Motorcycle 2025

References

https://cwe.mitre.org/data/definitions/696.html

technical-description

CVSS V4

Score:

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Physical

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 29, 2026
Vulnerability Reserved
May 29, 2026

Credit

Scott Sheahan, Rustic Security LLC

CVE-2026-49318 Data

JSON