PT-2026-39990 · Kaco · Blueplanet 155 Tl3+29

Published

2026-05-12

·

Updated

2026-05-12

·

CVE-2026-41125

CVSS v2.0

6.2

Medium

VectorAV:A/AC:H/Au:S/C:P/I:C/A:C
Name of the Vulnerable Software and Affected Versions blueplanet 100 NX3 M8 (affected versions not specified) blueplanet 100 TL3 GEN2 (affected versions not specified) blueplanet 105 TL3 (affected versions not specified) blueplanet 105 TL3 GEN2 (affected versions not specified) blueplanet 110 TL3 (affected versions not specified) blueplanet 125 NX3 M11 (affected versions not specified) blueplanet 125 TL3 (affected versions not specified) blueplanet 125 TL3 GEN2 (affected versions not specified) blueplanet 137 TL3 (affected versions not specified) blueplanet 150 TL3 (affected versions not specified) blueplanet 150 TL3 GEN2 (affected versions not specified) blueplanet 155 TL3 (affected versions not specified) blueplanet 155 TL3 GEN2 (affected versions not specified) blueplanet 165 TL3 (affected versions not specified) blueplanet 165 TL3 GEN2 (affected versions not specified) blueplanet 25.0 NX3-33.0 NX3 (affected versions not specified) blueplanet 3.0 NX3-20.0 NX3 (affected versions not specified) blueplanet 3.0-5.0 NX1 (affected versions not specified) blueplanet 360 NX3 M6 (affected versions not specified) blueplanet 50.0 NX3-60.0 NX3 (affected versions not specified) blueplanet 87.0 TL3 (affected versions not specified) blueplanet 87.0 TL3 GEN2 (affected versions not specified) blueplanet 92.0 TL3 (affected versions not specified) blueplanet 92.0 TL3 GEN2 (affected versions not specified) blueplanet gridsafe 110 TL3-S (affected versions not specified) blueplanet gridsafe 137 TL3-S (affected versions not specified) blueplanet gridsafe 92.0 TL3-S (affected versions not specified) blueplanet hybrid 10.0 TL3 (affected versions not specified) blueplanet hybrid 6.0 NH3-12.0 NH3 (affected versions not specified)
Description Improper neutralization of special elements used in an SQL command (SQL injection) in the KACO Meteor server allows an authorized attacker to elevate privileges over a local network.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BDU:2026-09351
CVE-2026-41125

Affected Products

Meteor Server
Blueplanet 100 Nx3 M8
Blueplanet 100 Tl3 Gen2
Blueplanet 105 Tl3
Blueplanet 105 Tl3 Gen2
Blueplanet 110 Tl3
Blueplanet 125 Nx3 M11
Blueplanet 125 Tl3
Blueplanet 125 Tl3 Gen2
Blueplanet 137 Tl3
Blueplanet 150 Tl3
Blueplanet 150 Tl3 Gen2
Blueplanet 155 Tl3
Blueplanet 155 Tl3 Gen2
Blueplanet 165 Tl3
Blueplanet 165 Tl3 Gen2
Blueplanet 25.0 Nx3-33.0 Nx3
Blueplanet 3.0 Nx3-20.0 Nx3
Blueplanet 3.0-5.0 Nx1
Blueplanet 360 Nx3 M6
Blueplanet 50.0 Nx3-60.0 Nx3
Blueplanet 87.0 Tl3
Blueplanet 87.0 Tl3 Gen2
Blueplanet 92.0 Tl3
Blueplanet 92.0 Tl3 Gen2
Blueplanet Gridsafe 110 Tl3-S
Blueplanet Gridsafe 137 Tl3-S
Blueplanet Gridsafe 92.0 Tl3-S
Blueplanet Hybrid 10.0 Tl3
Blueplanet Hybrid 6.0 Nh3-12.0 Nh3