CVE-2026-2417

UNKNOWN 0.0

Missing Authentication for Critical Function in Pharos Controls Mosaic Show Controller

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware version 2.15.3 could allow an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges.

CWE	CWE-306
Vendor	pharos controls
Product	mosaic show controller
Published	Mar 24, 2026
Last Updated	Mar 24, 2026

Stay Ahead of the Next One

Get instant alerts for pharos controls mosaic show controller

Be the first to know when new unknown vulnerabilities affecting pharos controls mosaic show controller are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Pharos Controls / Mosaic Show Controller

2.15.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

cisa.gov: https://www.cisa.gov/news-events/ics-advisories/icsa-26-083-01

Credits

James Tully reported this vulnerability to CISA.