Pharos Controls · Pharos Controls Mosaic Show Controller · CVE-2026-2417
**Name of the Vulnerable Software and Affected Versions**
Pharos Controls Mosaic Show Controller version 2.15.3
**Description**
A missing authentication check for a critical function allows an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges. This affects network-accessible show controllers.
**Recommendations**
Update to a newer version that contains a fix for this vulnerability.