OpenPLC ScadaBR actively exploited XSS flaw (CVE-2021-26829)

Vulnerability
Happening score: 28
1 unique source, 1 article

Summary

CVE-2021-26829 in OpenPLC ScadaBR is an actively exploited cross-site scripting (XSS) flaw affecting Windows and Linux versions via system_settings.shtm, creating risk for exposed HMI deployments. CISA added the issue to the KEV catalog, signaling that defenders should treat it as a known exploited weakness. FCEB agencies must apply fixes by December 19, 2025.

Related Happenings

CISA KEV action for CVE-2026-31431 and FCEB remediation

Public Sector Action
First: 03.05.2026 09:26 Last: 03.05.2026 09:26 Sources 1

About this happening: CISA added **CVE-2026-31431** to its **KEV catalog**, putting **Federal Civilian Executive Branch (FCEB)** agencies on notice to remediate an actively exploited Linux privilege-es...

CISA KEV directive for CVE-2026-20133

Public Sector Action
First: 21.04.2026 15:30 Last: 21.04.2026 15:30 Sources 1

About this happening: On **Monday, April 21, 2026**, **CISA** added **CVE-2026-20133** to the **KEV Catalog** and ordered **FCEB agencies** to secure their networks by **Friday, April 24**. The directi...

CISA KEV listing and FCEB patch order for Ivanti EPMM

Public Sector Action
First: 08.04.2026 21:15 Last: 08.04.2026 21:15 Sources 1

About this happening: **CISA** added **CVE-2026-1340** to the **KEV Catalog** and ordered **FCEB agencies** to patch **Ivanti Endpoint Manager Mobile (EPMM)** by **Saturday midnight, April 11**, forcin...

CISA KEV listing for Wing FTP CVE-2025-47813

Public Sector Action
First: 17.03.2026 07:23 Last: 17.03.2026 07:23 Sources 1

About this happening: CISA added **CVE-2025-47813** in **Wing FTP Server** to the **KEV catalog** after evidence of **active exploitation**, putting the flaw under formal government tracking. The listi...

CISA adds two Roundcube flaws to KEV catalog

Public Sector Action
First: 21.02.2026 09:21 Last: 21.02.2026 09:21 Sources 1

About this happening: **CISA** added **two Roundcube webmail flaws** to the **KEV catalog** after citing **active exploitation**, increasing urgency for federal remediation. **CVE-2025-49113** is a **C...

Timeline

  1. 30.11.2025 11:23 2 articles · 5mo ago

    CISA adds CVE-2021-26829 in OpenPLC ScadaBR to KEV

    Legal Policy Action Update

    CISA added CVE-2021-26829, a CVSS 5.4 cross-site scripting flaw in OpenPLC ScadaBR via system_settings.shtm, to the Known Exploited Vulnerabilities catalog after evidence of active exploitation; the affected versions include OpenPLC ScadaBR through 1.12.4 on Windows and through 0.9.1 on Linux, and Federal Civilian Executive Branch agencies must apply the necessary fixes by December 19, 2025.
