
CVE-2026-8153: CVSS 9.8 Vulnerability Briefing

CVE-2026-8153 | CVSS 9.8 (Critical) | Exploit: No known exploit

What Is It

CVE-2026-8153 is an OS command injection vulnerability in the Dashboard Server interface of Universal Robots PolyScope, the operating software used to control Universal Robots collaborative robot (cobot) arms, affecting all versions prior to 5.25.1.

Technical Detail

The Dashboard Server interface in PolyScope fails to properly sanitize user-supplied input, allowing an unauthenticated remote attacker to craft malicious commands that are passed directly to the underlying operating system for execution. Successful exploitation results in arbitrary OS-level code execution on the robot controller without requiring any credentials or prior access. Given that PolyScope runs on a Linux-based OS with direct control over robot hardware, exploitation could enable an attacker to manipulate robot behavior, exfiltrate operational data, establish persistent access, or cause physical disruption to manufacturing or industrial processes.

Exploitation Status

No exploit code has been observed or confirmed at this time, so exploit maturity is assessed as no known exploit, and this CVE is not currently listed in the CISA Known Exploited Vulnerabilities catalog. However, the unauthenticated nature of the attack vector and the critical CVSS score of 9.8 make this a high-priority target for threat actors if proof-of-concept code becomes publicly available.

Who Is Targeting This

No specific threat actor attribution at this time. No campaigns or targeted sector intelligence have been confirmed in association with this vulnerability. Organizations operating Universal Robots hardware in manufacturing, automotive, logistics, and critical infrastructure environments should treat this as an elevated risk given the industrial control system context.

What To Do

Upgrade Universal Robots PolyScope to version 5.25.1 or later immediately. This should be treated as a critical patch priority given the unauthenticated remote code execution potential. As an interim workaround, restrict network access to the Dashboard Server interface using firewall rules or network segmentation, ensuring robot controllers are not directly reachable from untrusted networks or the public internet. Organizations should audit current network exposure of PolyScope Dashboard Server ports and review access logs for any anomalous command activity. If patching cannot be completed immediately, isolating affected robot controllers to a dedicated OT network segment with strict ingress filtering is the recommended interim control.
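The exposure audit described above can be scripted against your own controller inventory; the following is an added example, not code from the vendor or from this briefing. It assumes the Dashboard Server listens on its default TCP port 29999 and answers the read-only `PolyScopeVersion` query with a string containing a dotted version number (neither detail is stated in this briefing), and the sample replies and addresses are constructed.

```python
import re
import socket

FIXED = (5, 25, 1)       # first fixed PolyScope release named in this briefing
DASHBOARD_PORT = 29999   # assumption: default Dashboard Server TCP port


def parse_version(reply):
    """Return (major, minor, patch) from a version reply, or None."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", reply or "")
    return tuple(int(g) for g in m.groups()) if m else None


def query_version(host, timeout=3.0):
    """Ask one controller for its version; None if the port is unreachable."""
    try:
        with socket.create_connection((host, DASHBOARD_PORT), timeout) as s:
            s.recv(1024)                      # discard the connect banner
            s.sendall(b"PolyScopeVersion\n")  # assumption: read-only query
            return s.recv(1024).decode("ascii", "replace").strip()
    except OSError:
        return None


def classify(reply):
    """Map a probe result to a remediation bucket."""
    if reply is None:
        return "filtered"            # not reachable from this vantage point
    version = parse_version(reply)
    if version is None:
        return "exposed-unknown"     # reachable; confirm the version by hand
    # Tuple comparison is numeric, so 5.9.4 sorts before 5.25.1.
    return "exposed-vulnerable" if version < FIXED else "exposed-patched"


def audit(hosts, probe=query_version):
    """Classify every host in the inventory using the given probe."""
    return {host: classify(probe(host)) for host in hosts}


if __name__ == "__main__":
    # Constructed replies (documentation-range addresses) for an offline run.
    sample = {
        "192.0.2.10": "URSoftware 5.9.4.1031232 (Jan 01 2021)",
        "192.0.2.11": "URSoftware 5.25.1.100000 (Jan 01 2026)",
        "192.0.2.12": None,
    }
    for host, state in audit(sample, probe=sample.get).items():
        print(host, state)
```

Run it from a host on the untrusted side of the segmentation boundary: any `exposed-*` result means the interim network restriction is not in effect for that controller, regardless of patch level.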
