PT-2026-38911 · Universal Robots · Polyscope

Vera Mens · Published 2026-05-08 · Updated 2026-05-31 · CVE-2026-8153

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Universal Robots PolyScope versions prior to 5.25.1

Description

OS command injection in the Dashboard Server interface allows an unauthenticated attacker with network access to the Dashboard Server port to craft commands that execute arbitrary code on the robot's operating system. This issue has been confirmed to be exploited in the wild and could lead to remote takeover of industrial robot fleets, potentially causing operational disruption, sabotage, or physical harm to humans. The risk is heightened in environments with poor network segmentation where attackers can move across operational technology (OT) fleets via exposed Ethernet connections on control boxes.

Recommendations

Update to version 5.25.1 or later. Restrict access to the Dashboard Server interface to minimize the risk of exploitation.

Fix · RCE · LPE · OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2026-8153

Affected Products

Polyscope