CISA 2026-05-14

Universal Robots Polyscope 5

CVE-2026-8153

Machine-generated analysis · WAYSCloud LLM

An unauthenticated attacker can execute code via OS command injection in Universal Robots Polyscope 5 Dashboard Server. Versions below 5.25.1 are affected.

Context

Universal Robots Polyscope 5 is a robot control interface software used in critical manufacturing. The advisory states that improper neutralization of special elements in an OS command allows unauthenticated command injection. The vulnerability carries a CVSS v3.1 base score of 9.8.

Operator considerations

Patch: Upgrade Universal Robots Polyscope 5 to version 5.25.1 or later.

From Cybersecurity and Infrastructure Security Agency ↗

Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and execute code.

The following versions of Universal Robots Polyscope 5 are affected:

Polyscope 5

Read the full advisory on CISA →