Critical Command Injection Flaw in Universal Robots' Cobots Requires Immediate Patching

Critical Command Injection Flaw in Universal Robots' Cobots Requires Immediate Patching

First seen 20 May 2026, 21:59 UTC ScworldDarkreadingMbtmagFeeds.Feedburnerapp.opencve.io+1 88% similarity 72.0

Article Content

Browse articles
ThreatCluster

A critical command injection vulnerability (CVE-2026-8153) in Universal Robots' PolyScope 5 OS allows unauthenticated attackers to execute commands remotely on collaborative robots (cobots). This flaw, with a CVSS score of 9.8, affects the Dashboard Server interface, enabling potential disruption of production lines and safety risks. Universal Robots has released a patch in version 5.25.1 and recommended immediate updates, although no active exploitation has been reported yet. The vulnerability could allow attackers to manipulate operational parameters and gain administrative control over robotic systems, impacting various industries including manufacturing and logistics. CISA has issued advisories urging organizations to audit their OT networks to prevent exposure. Security experts stress the urgency of addressing this vulnerability due to its potential physical impacts.

Key Points: • CVE-2026-8153 allows unauthenticated remote code execution on Universal Robots' cobots. • The vulnerability affects the Dashboard Server of the PolyScope 5 OS with a CVSS score of 9.8. • Organizations are advised to patch immediately and audit their OT networks for exposure.

ThreatCluster AI

Timeline

2026-05-08
CVE-2026-8153 published
Universal Robots disclosed a critical command injection vulnerability in its cobots' OS.
Darkreading
2026-05-19
Patch released for critical flaw
Universal Robots issued a patch in version 5.25.1 to address CVE-2026-8153, urging immediate installation.
Scworld
Recent
CISA issues advisory
CISA warned organizations to audit OT networks and apply the patch to mitigate risks from the vulnerability.
Scworld

Community

Browse all →