CVE-2026-8153

critical

Description

OS command injection in Dashboard Server interface in Universal Robots PolyScope versions prior to 5.25.1 allows unauthenticated attacker to craft commands that will execute code on the robot's OS.

References

References
More

https://www.darkreading.com/ics-ot-security/patch-now-critical-flaw-ot-robot-os

https://www.securityweek.com/critical-vulnerability-exposes-industrial-robot-fleets-to-hacking/

https://www.cisa.gov/news-events/ics-advisories/icsa-26-134-17

https://www.universal-robots.com/developer/communication-protocol/dashboard-server/

Details

Source: Mitre, NVD

Published: 2026-05-08

Updated: 2026-05-11

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H