CVE-2026-8602

UNKNOWN 0.0

Missing authentication for critical function in ScadaBR

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnerability could allow an unauthenticated attacker to send a HTTP GET requests to the SCADA system and inject arbitrary sensor readings.

CWE	CWE-306
Vendor	scadabr
Product	scadabr
Published	May 19, 2026
Last Updated	May 19, 2026

Stay Ahead of the Next One

Get instant alerts for scadabr scadabr

Be the first to know when new unknown vulnerabilities affecting scadabr scadabr are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

ScadaBR / ScadaBR

1.2.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

cisa.gov: https://www.cisa.gov/news-events/ics-advisories/icsa-26-139-03

Credits

Arad Inbar, Nir Somech, Ben Grinberg, Daniel Lubel, Erez Cohen, and Adiel Sol of DREAM reported these vulnerabilities to CISA.