CVE-2026-8604

HIGH

Cross-Site request forgery (CSRF) in ScadaBR

Title source: cna
STIX 2.1

Description

In ScadaBR version 1.2.0, a CSRF vulnerability could allow an attacker to trigger any authenticated action through a victim's session by luring any logged-in user to a malicious webpage.

References (1)

Core 1
Core References
Government Resource government-resource
https://www.cisa.gov/news-events/ics-advisories/icsa-26-139-03

Scores

CVSS v3 8.8
EPSS 0.0018
EPSS Percentile 7.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-352
Status published
Products (2)
scadabr/scadabr 1.2
ScadaBR/ScadaBR 1.2.0
Published May 19, 2026
Tracked Since May 19, 2026