CRITICALCVE-2026-8153Published 2026-05-08Modified 2026-05-11CNA TRO

CVE-2026-8153: Command injection in Dashboard Server interface

OS command injection in Dashboard Server interface in Universal Robots PolyScope versions prior to 5.25.1 allows unauthenticated attacker to craft commands that will execute code on the robot's OS.

CVSS v3.1: 9.8
Severity: CRITICAL
Fixed in: 5.25.1
Affected Products: 1

Fix available

5.25.1

Affected packages

Universal Robots / PolyScope 5
< 5.25.1 (from 0)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

universal-robots.com

Metrics

Fix available