CVE-2026-8153

CRITICAL

OS command injection in Dashboard Server interface in Universal Robots PolyScope versions prior to 5.25.1 allows unauthenticated attacker to craft commands that will execute code on the robot's OS.

CVSS v3.1 Score

9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Complexity
LOW
Privileges
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Published: 5/8/2026Modified: 5/11/2026

Related Intelligence (1)

CRITICALPhishing

Universal Robots Polyscope 5

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-134-17.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and execute code.</strong></p> <p>The following versions of Universal Robots Polyscope 5 are affected:</p> <ul> <li>Polyscope 5 <5.25.1&

CVE-2026-8153
CISA Advisories

References (1)

https://www.universal-robots.com/developer/communication-protocol/dashboard-server/