Critical Vulnerability Exposes Industrial Robot Fleets to Hacking

Universal Robots, a Danish company specializing in collaborative industrial robots, or cobots, has patched a critical vulnerability affecting one of its operating systems.

Advisories published last week by the cybersecurity agency CISA and Universal Robots revealed that PolyScope 5, an operating system and GUI designed to power and control the company’s cobots, is affected by CVE-2026-8153, an OS command injection vulnerability in the Dashboard Server interface.

The flaw, rated critical with a CVSS score of 9.8, has been patched in PolyScope 5.25.1.

“The Dashboard Server accepts user-controlled input and passes it to the underlying operating system without proper neutralization of special elements,” Universal Robots explained. “An unauthenticated attacker with network access to the Dashboard Server port can craft commands that are executed on the robot’s operating system, leading to remote code execution and compromise of the controller with high impact to confidentiality, integrity, and availability.”

The vendor noted in its advisory that “Remote exploitation of CVE-2026-8153 requires the robot’s Dashboard Server to be enabled in the UI, and its port to be reachable by the attacker. UR robots are not designed to be accessible directly from the Internet, and direct inbound Internet access is typically prevented by the company firewall.”

Critical Vulnerability Exposes Industrial Robot Fleets to Hacking

Other newsrooms on this story

Related reading

Yarbo responds to robot flaws that could mow down their owners

Critical cPanel, WHM flaw probs exploited as 0-day, pros say

The accidental hacker: how one man gained control of 7,000 robots

Anthropic’s newest model excels at finding security vulnerabilities, but raises…

As many as 2 million Cisco devices affected by actively exploited 0-day

Critical cPanel exploited: 'Millions' of sites could be hit