Description

A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware version 2.15.3 could allow an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges.

PUBLISHED Reserved 2026-02-12 | Published 2026-03-24 | Updated 2026-03-24 | Assigner icscert




CRITICAL: 9.3 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-306 Missing authentication for critical function

Product status

Default status: unaffected

2.15.3: affected

Credits

James Tully reported this vulnerability to CISA. (finder)

References

www.cisa.gov/news-events/ics-advisories/icsa-26-083-01 (government-resource)

cve.org (CVE-2026-2417)

nvd.nist.gov (CVE-2026-2417)
