CVE-2026-8024: Deserialization vulnerability in ibaPDA and ibaDatCoordinator
A remote, unauthenticated attacker may exploit a deserialization of untrusted data vulnerability in ibaPDA or ibaDatCoordinator to gain full access to the affected systems.
Metrics
- CVSS v4.0: 9.3
- Severity: CRITICAL
- Fixed in: 4.0.7
- Affected Products: 2
HarborGuard Analysis
Synopsis
A deserialization of untrusted data vulnerability affects ibaPDA (versions from 1.0.0 up to, but not including, 8.14.0) and ibaDatCoordinator (versions from 1.0.0 up to, but not including, 4.0.7). The flaw is reachable over the network with no authentication required, so any attacker with network access to the service can send maliciously crafted serialized data. Successful exploitation gives the attacker full control of the affected system, including the ability to read, modify, or destroy data and to execute arbitrary commands. Patched-image rebuilds at versions 8.14.0 and 4.0.7 are available on HarborGuard for environments running affected versions.
HarborGuard Coverage
Detection of CVE-2026-8024 is available across every HarborGuard environment: the CVE is ingested from upstream feeds, including CERTVDE advisories, within minutes of publication and matched against all customer images in connected registries and CI/CD pipelines, including custom-built images that bundle ibaPDA or ibaDatCoordinator. Both affected products and their full version range (from 1.0.0) are covered by the matching logic.
HarborGuard scores this CVE at 9.3 Critical using the CVSS v4.0 vector and weights the finding against each customer environment's active compliance policy to determine urgency and ownership. The resulting alert is routed to the appropriate team inbox within the customer org based on configured policy rules.
Patched-image rebuilds at ibaPDA 8.14.0 and ibaDatCoordinator 4.0.7 are available on HarborGuard for any environment where an affected version is detected. For customers who opt into auto-remediation, HarborGuard triggers a rebuild, runs a regression test suite against the new image, and opens a pull request against affected workloads automatically.
Exploit Conditions
- Network reachability: Required
The attacker must reach the ibaPDA or ibaDatCoordinator service over the network; no local or physical access is needed, but the service must be exposed to the attacker's network.
- Authentication: Not required
No account or credentials are needed; the vulnerable deserialization endpoint accepts input from unauthenticated connections.
- Victim interaction: Not required
The attacker sends a crafted payload directly to the service; no user action or interaction is required to trigger the vulnerability.
- Attack complexity: Low (AC:L)
The exploit is reliable and condition-free; no race conditions, specific memory layout, or environmental prerequisites are required beyond reaching the service.
Blast Radius
- A successful attacker achieves full read access to the host, including stored process data, configuration files, credentials, and any secrets held by ibaPDA or ibaDatCoordinator.
- The attacker can modify or delete persisted data records, measurement archives, and system configuration, corrupting industrial process history.
- The attacker can execute arbitrary code or commands on the affected host with the privileges of the running service process.
- Confidentiality, integrity, and availability impacts are all rated High under CVSS v4.0 (VC:H/VI:H/VA:H), so beyond reading and modifying data the attacker can also crash or halt the affected service entirely.
How HarborGuard Handles This
Available on HarborGuard: detection fires within minutes of CVE publication for any image containing an affected version of ibaPDA or ibaDatCoordinator, across all connected registries and pipelines. For customers who opt into auto-remediation, HarborGuard rebuilds the image at the fixed versions (ibaPDA 8.14.0, ibaDatCoordinator 4.0.7), executes a regression test run, and opens a pull request against affected workloads; median time from CVE publication to merged patch PR for critical-severity issues is around 90 minutes in environments with auto-remediation enabled. For environments where auto-remediation is not permitted by compliance policy, HarborGuard surfaces the finding with full CVSS v4.0 context and fix-version guidance so that engineering teams can act manually. Given the unauthenticated network attack vector and Critical severity, teams should also consider applying network-policy controls to restrict access to ibaPDA and ibaDatCoordinator service ports to trusted hosts only while the patch is being applied.
Fix available
- iba / ibaPDA: < 8.14.0 (from 1.0.0)
- iba / ibaDatCoordinator: < 4.0.7 (from 1.0.0)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
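The following is an added example, not HarborGuard's matching logic or anything from iba. It shows the two checks that the coverage section and the fix-version list above imply: deciding whether an inventoried product version falls inside the affected range (introduced 1.0.0, fixed 8.14.0 or 4.0.7, with the fixed version itself not affected), and reading the CVSS v4.0 vector on this page to confirm the unauthenticated, network-reachable, no-interaction conditions listed under Exploit Conditions. The product-name keys, the `scan_inventory` helper and the sample inventory are this example's own constructions; the version ranges and the vector string are taken from the advisory.

```python
"""Version-range and CVSS v4.0 vector checks for CVE-2026-8024.

Added example; it is not HarborGuard's or iba's code. The affected ranges and
the CVSS vector are the ones stated in the advisory; the product-name keys
and the inventory format are this example's own convention.
"""
import re

# Affected ranges from the advisory, expressed as [introduced, fixed).
AFFECTED_RANGES = {
    "ibaPDA": ("1.0.0", "8.14.0"),
    "ibaDatCoordinator": ("1.0.0", "4.0.7"),
}

# CVSS v4.0 vector as published on the advisory page.
CVSS_VECTOR = "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"


def parse_version(text):
    """Turn '8.14.0' (or '8.14', '8.14.0.123') into a comparable tuple of ints.

    Missing trailing components are padded with zeros so that 8.14 == 8.14.0;
    anything that is not a dotted run of integers is rejected rather than
    being compared as a string, which would make '8.9.0' sort after '8.14.0'.
    """
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    parts = [int(p) for p in text.split(".")]
    while len(parts) < 4:
        parts.append(0)
    return tuple(parts)


def is_affected(product, version):
    """True if `version` of `product` lies in [introduced, fixed)."""
    if product not in AFFECTED_RANGES:
        return False
    introduced, fixed = AFFECTED_RANGES[product]
    v = parse_version(version)
    return parse_version(introduced) <= v < parse_version(fixed)


def parse_cvss4_vector(vector):
    """Split a CVSS v4.0 vector string into a {metric: value} dict."""
    head, *pairs = vector.split("/")
    if head != "CVSS:4.0":
        raise ValueError("not a CVSS v4.0 vector")
    metrics = {}
    for pair in pairs:
        key, _, value = pair.partition(":")
        if not key or not value:
            raise ValueError(f"malformed metric {pair!r}")
        metrics[key] = value
    return metrics


def is_unauthenticated_remote(metrics):
    """True when the vector describes a network-reachable flaw that needs
    neither privileges nor user interaction, i.e. the exploit conditions
    listed in the advisory."""
    return (metrics.get("AV") == "N"
            and metrics.get("PR") == "N"
            and metrics.get("UI") == "N")


def scan_inventory(inventory):
    """Return the (product, version) entries of an inventory that are affected.

    `inventory` is a list of (product, version) tuples, for instance taken
    from an image SBOM; the sample below is constructed for this example.
    """
    return [(p, v) for p, v in inventory if is_affected(p, v)]


if __name__ == "__main__":
    # Constructed sample inventory, not real deployment data.
    sample = [
        ("ibaPDA", "8.13.2"),
        ("ibaPDA", "8.14.0"),
        ("ibaDatCoordinator", "4.0.6"),
        ("ibaDatCoordinator", "4.0.7"),
        ("otherTool", "1.2.3"),
    ]
    for product, version in scan_inventory(sample):
        print(f"AFFECTED: {product} {version}")
    metrics = parse_cvss4_vector(CVSS_VECTOR)
    print("remote, unauthenticated, no interaction:",
          is_unauthenticated_remote(metrics))
```

The half-open range is the point worth getting right: the fixed versions 8.14.0 and 4.0.7 must compare as not affected, and numeric comparison is needed so that a hypothetical 8.9.x is correctly treated as older than 8.14.0.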