Universal Robots PolyScope 5 Dashboard Server command injection (CVE-2026-8153)
Vulnerability
Summary
Hide ▲
Show ▼
CVE-2026-8153 patches a critical command injection flaw in Universal Robots PolyScope 5 Dashboard Server that could let an unauthenticated attacker execute commands on reachable robot controllers. The issue carries a CVSS 3.1 score of 9.8 and can lead to remote code execution on the robot OS. Universal Robots says the fix is available in version 5.25.1 or newer, with additional network-isolation guidance for environments that cannot update immediately.
Related Happenings
Mirai-based CVE-2025-29635 D-Link DIR-823X botnet-enlistment campaign
Campaign
First: 22.04.2026 23:04
Last: 22.04.2026 23:04
Sources 1
About this happening:
The **Mirai-based malware campaign** is **actively exploiting CVE-2025-29635** against **D-Link DIR-823X routers**, turning vulnerable devices into botnet nodes. The activity matt...
Mirai-based CVE-2025-29635 D-Link DIR-823X botnet-enlistment campaign
CampaignAbout this happening: The **Mirai-based malware campaign** is **actively exploiting CVE-2025-29635** against **D-Link DIR-823X routers**, turning vulnerable devices into botnet nodes. The activity matt...
Digiever DS-2105 Pro active exploitation wave (CVE-2023-52163)
Exploitation Wave
First: 25.12.2025 10:07
Last: 25.12.2025 10:07
Sources 1
About this happening:
**CVE-2023-52163** is being exploited at scale against **Digiever DS-2105 Pro NVRs**, with multiple reports linking abuse to **Mirai** and **ShadowV2** botnet delivery. The flaw i...
Digiever DS-2105 Pro active exploitation wave (CVE-2023-52163)
Exploitation WaveAbout this happening: **CVE-2023-52163** is being exploited at scale against **Digiever DS-2105 Pro NVRs**, with multiple reports linking abuse to **Mirai** and **ShadowV2** botnet delivery. The flaw i...
Timeline
-
20.05.2026 19:12 2 articles · 7d ago
Universal Robots patches CVE-2026-8153 in PolyScope 5 Dashboard Server
Initial DisclosureUniversal Robots patched CVE-2026-8153, a critical command injection flaw in the Dashboard Server of Universal Robots PolyScope 5 used in OT cobots, where reachable network access could let an unauthenticated attacker execute commands on the robot operating system and gain remote code execution. Vera Mens of Claroty Team82 was credited with discovery and responsible disclosure, coordination ran through CISA and CERT/CC’s VINCE platform, and Universal Robots advised updating to version 5.25.1 or newer while also reducing exposure by disabling the Dashboard Server when unused and placing affected controllers behind firewalls. No known exploitation had occurred at the time of disclosure.
Show sources
- Patch Now: Critical Flaw in OT Robot OS Gives Attackers Control — www.darkreading.com — 20.05.2026 19:12
- Patch Now: Critical Flaw in OT Robot OS Gives Attackers Control — www.darkreading.com — 20.05.2026 19:12