OS Command Injection in ScadaBR by ScadaBR Team
CVE-2026-8603

8.7HIGH

Key Information:

Vendor: Scadabr
Status: Scadabr
Vendor: CVE Published:; 19 May 2026

What is CVE-2026-8603?

The OS Command Injection vulnerability in ScadaBR version 1.2.0 allows attackers to execute arbitrary commands with root privileges on SCADA systems. This could lead to unauthorized access and control over critical infrastructure, potentially compromising sensitive data and operational integrity. It is essential for users to apply necessary patches and security measures to mitigate these risks.

Affected Version(s)

ScadaBR 1.2.0

References

https://www.cisa.gov/news-events/ics-advisories/icsa-26-1...

government-resource

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 19, 2026
Vulnerability Reserved
May 14, 2026

Credit

Arad Inbar, Nir Somech, Ben Grinberg, Daniel Lubel, Erez Cohen, and Adiel Sol of DREAM reported these vulnerabilities to CISA.

CVE-2026-8603 Data

JSON

Scadabr

What is CVE-2026-8603?

Affected Version(s)

References

CVSS V4

Timeline

Credit