CVE-2026-8153

CRITICAL

Command injection in Dashboard Server interface

Title source: cna

Description

OS command injection in Dashboard Server interface in Universal Robots PolyScope versions prior to 5.25.1 allows unauthenticated attacker to craft commands that will execute code on the robot's OS.

References (1)

Core 1

Core References

https://www.universal-robots.com/developer/communication-protocol/dashboard-server/

Scores

CVSS v3 9.8

EPSS 0.0183

EPSS Percentile 76.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-78

Status published

Products (1)

Universal Robots/PolyScope 5 < 5.25.1

Published May 08, 2026

Tracked Since May 08, 2026