CVE-2026-8603

Source
https://cve.org/CVERecord?id=CVE-2026-8603
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-8603.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-8603
Published
2026-05-19T17:03:38.388Z
Modified
2026-07-15T01:49:14.656830645Z
Severity
  • 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
Improper neutralization of special elements used in an OS command ('OS command injection') in ScadaBR
Details

In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system.

Database specific
{
    "cwe_ids": [
        "CWE-78"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/8xxx/CVE-2026-8603.json",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "1.2.0"
                },
                {
                    "last_affected": "1.2.0"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ],
    "cna_assigner": "icscert"
}
References

Affected packages

Git / github.com/scadabr/scadabr

Affected ranges

Type
GIT
Repo
https://github.com/scadabr/scadabr
Events
Database specific
{
    "cpe": "cpe:2.3:a:scadabr:scadabr:1.2:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "1.2"
        },
        {
            "last_affected": "1.2"
        }
    ],
    "source": "CPE_STRING"
}

Affected versions

1.*
1.2
v1.*
v1.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-8603.json"