CVE-2026-49317

Name of the Vulnerable Software and Affected Versions Indian Motorcycle Scout Bobber + Tech 2025 model year

Description An incorrect behavior order in the Infotainment / Digital Round display allows an attacker on an adjacent network to bypass the PIN entry screen. The system uses the presence of Wireless Control Module (WCM) traffic during the boot window as a proxy to determine if an immobilizer is fitted. If no WCM messages are detected, the system skips the PIN entry screen and displays the normal user interface. An attacker can achieve a fully unlocked state by silencing the WCM during the boot window, for instance, by using a CAN bus-off technique, which is a method used to force a CAN node into an error state to stop it from communicating.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.