CVE-2026-8604 | THREATINT

Description

In ScadaBR version 1.2.0, a CSRF vulnerability could allow an attacker to trigger any authenticated action through a victim's session by luring any logged-in user to a malicious webpage.

PUBLISHED Reserved 2026-05-14 | Published 2026-05-19 | Updated 2026-05-19 | Assigner icscert

HIGH: 8.6CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-352 Cross-Site request forgery (CSRF)

Product status

Default status

unaffected

1.2.0

affected

Credits

Arad Inbar, Nir Somech, Ben Grinberg, Daniel Lubel, Erez Cohen, and Adiel Sol of DREAM reported these vulnerabilities to CISA. finder

References

www.cisa.gov/news-events/ics-advisories/icsa-26-139-03 government-resource

cve.org (CVE-2026-8604)

nvd.nist.gov (CVE-2026-8604)

Download JSON