What is the CVSS score of CVE-2026-8153?

CVE-2026-8153 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 1.1%.

Which versions of Universal Robots PolyScope are affected by CVE-2026-8153?

Universal Robots PolyScope Dashboard Server versions before 5.21.1 contain a critical remote command injection vulnerability (CVSS 9.8) that allows unauthenticated attackers to gain complete control…. A patch is available.

Universal Robots PolyScope CVE-2026-8153

Q: How to fix or mitigate CVE-2026-8153?

Within 24 hours: Inventory all PolyScope Dashboard Server deployments and document current versions in use; isolate affected systems from untrusted networks if upgrade is not immediately feasible. Within 7 days: Contact Universal Robots for patch availability timeline and obtain exact fixed version numbers; apply vendor patch to all instances below version 5.21.1 or newer equivalent. Within 30 days: Verify patch deployment across all robots and Dashboard Server instances; implement network segmentation to restrict Dashboard Server access to authorized administrative networks only; enable logging and monitoring for unauthorized access attempts to robot controllers.

EUVD-2026-28548 CRITICAL

OS Command Injection (CWE-78)

2026-05-08 TRO

GHSA-pprv-j56w-x96f

Command Injection

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch available

May 08, 2026 - 13:02 EUVD

Analysis Generated

May 08, 2026 - 12:45 vuln.today

CVE Published

May 08, 2026 - 11:45 nvd

CRITICAL 9.8

DescriptionNVD

OS command injection in Dashboard Server interface in Universal Robots PolyScope versions prior to 5.21.1 allows unauthenticated attacker to craft commands that will execute code on the robot's OS.

AnalysisAI

Remote unauthenticated command injection in Universal Robots PolyScope Dashboard Server (versions <5.21.1) allows attackers to execute arbitrary OS commands on industrial robot controllers via network-crafted requests. With CVSS 9.8 (critical severity) and complete absence of authentication barriers, this vulnerability enables full robot controller compromise from remote network positions. …

RemediationAI

Within 24 hours: Inventory all PolyScope Dashboard Server deployments and document current versions in use; isolate affected systems from untrusted networks if upgrade is not immediately feasible. Within 7 days: Contact Universal Robots for patch availability timeline and obtain exact fixed version numbers; apply vendor patch to all instances below version 5.21.1 or newer equivalent. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-8153 vulnerability details – vuln.today

Back

Universal Robots PolyScope CVE-2026-8153

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code