LmCast :: Stay tuned in

Patch Now: Critical Flaw in OT Robot OS Gives Attackers Control

Recorded: May 20, 2026, 4:59 p.m.


An unauthenticated attacker can exploit the command injection vulnerability to gain remote access to robotic systems, causing significant disruption to the environment.

By Elizabeth Montalbano, Contributing Writer, Dark Reading
May 20, 2026

A critical command injection vulnerability in the operating system (OS) for collaborative robots used across operational technology (OT) environments allows an unauthenticated attacker to execute commands on the system. Exploiting the flaw could threaten the integrity of the system and potentially the safety of those interacting with it.

Danish company Universal Robots has patched the vulnerability, tracked as CVE-2026-8153 and found in the Dashboard Server interface of Universal Robots PolyScope 5. The flaw exists because the Dashboard Server accepts user-controlled input and passes it to the underlying OS without proper neutralization of special elements, according to a company security advisory.

The flaw has a CVSS 3.1 base score of 9.8 and allows anyone who can reach the Dashboard Server network port to craft commands that are executed on the robot's operating system. This scenario means that an unauthenticated attacker with network access can achieve remote code execution (RCE) and compromise the controller.

Universal Robots credited Vera Mens of Claroty Team82 with discovery and responsible disclosure of the flaw, and acknowledged coordination through the Cybersecurity and Infrastructure Security Agency (CISA) and CERT/CC's VINCE platform. CISA also put out its own advisory on the vulnerability.

How CVE-2026-8153 Puts 'Cobots' at Risk

Universal Robots' PolyScope systems are collaborative robotic systems, commonly referred to as "cobots," and are deployed across manufacturing, logistics, warehousing, automotive, healthcare, and other industrial production environments.

"The flaw affects the robot controller itself, which is effectively a Linux-based computer connected directly to operational technology and physical machinery," Morey Haber, chief security advisor at BeyondTrust, tells Dark Reading.

Universal Robots has noted in its advisory that remote exploitation of CVE-2026-8153 requires the robot's Dashboard Server to be enabled in the UI, and its port must be reachable by the attacker. The company's robots are designed so that they are not accessible directly from the Internet, and companies typically have firewalls that prevent direct inbound Internet access to OT systems, according to Universal Robots.

Still, exploiting the flaw can significantly impact the PolyScope 5 robotic system's confidentiality, integrity, and availability, Haber says. That's because attackers could gain administrative-level control over the robotic controller without valid credentials and operate undetected, even over a persistent period of time, he says.

Security, Safety Concerns for OT Systems

Exploitation has implications beyond the control systems as well because in many environments, these robotic systems communicate with PLCs, manufacturing execution system (MES) platforms, ERP applications, and remote management infrastructure. This makes controllers "highly interconnected OT assets rather than isolated machines according to the manufacturer's own specifications," Haber says.

Potentially disruptive outcomes include production shutdowns, sabotage of manufacturing workflows, ransomware deployment, destruction of operational and configuration data, or manipulation of robotic precision and calibration, Haber notes.

Exploiting the flaw has not only security implications across all these systems but also safety implications, since "industrial robots bridge the digital and physical worlds," Haber notes.

"If attackers manipulate robot behavior, disable safeguards, alter programmed movements, or interrupt safety logic, the consequences move beyond cybersecurity and into human safety," he says. "A compromised cobot may no longer operate predictably around workers, assembly lines, or with hazardous materials."

This could pose not only an operational hazard, but also a critical infrastructure threat due to production outages or equipment damage, or even a physical threat to humanity via an environmental catastrophe, Haber says.

Mitigations for the PolyScope 5 Flaw

At this time, no known exploitation has occurred. Universal Robots "strongly recommends that all customers update to version 5.25.1 or newer, as soon as possible," effectively patching the vulnerability on all affected systems, according to the advisory.

If updating is not immediately possible, Universal Robots recommended measures aligned with CISA's defensive guidance for control system devices, including minimizing network exposure of the robot by placing it and other control system devices behind firewalls and isolating them from business networks.

Administrators also should disable the Dashboard Server in PolyScope entirely if it is not used by an application, as well as restrict access to specific trusted hosts or subnets in the OS, Universal Robots said.

Haber also recommends "strict segmentation between IT and OT environments" as a general rule in environments using any industrial control system (ICS). He also notes the importance of keeping the Dashboard Server disabled if it's not operationally required since "remote management interfaces are the control plane for an environment and consistently become high value attack surfaces in industrial environments."

A critical command injection vulnerability exists within the operating system of collaborative robots used in operational technology (OT) environments. This flaw allows an unauthenticated attacker to execute arbitrary commands on the robotic systems, posing a significant threat to system integrity and operational safety. The vulnerability was identified in the Dashboard Server interface of the Universal Robots PolyScope 5 system and is tracked as CVE-2026-8153. The root cause is that the Dashboard Server accepts user-controlled input and passes it to the underlying operating system without proper neutralization of special elements.

This vulnerability carries a high risk, evidenced by a CVSS 3.1 base score of 9.8, as it permits any entity with network access to the Dashboard Server port to craft commands that are executed on the robot’s operating system, effectively granting remote code execution (RCE) and the ability to compromise the controller without valid credentials. This exposure is acute because the robotic controllers are effectively Linux-based computers intrinsically linked to operational technology and physical machinery.

The implications extend far beyond traditional cybersecurity concerns; exploitation of this flaw carries severe physical safety risks. Since industrial robots bridge the digital and physical worlds, attackers manipulating robot behavior can disable safety logic, alter programmed movements, or interrupt operational safeguards. This compromises the predictability of the robot around workers or in hazardous environments, moving the threat from digital compromise into direct physical danger. Furthermore, given that these robotic systems often communicate with interconnected assets such as Programmable Logic Controllers (PLCs), Manufacturing Execution Systems (MES), and Enterprise Resource Planning (ERP) applications, exploiting the vulnerability risks disrupting entire production workflows, leading to production shutdowns, sabotage of manufacturing processes, or the deployment of ransomware.

To mitigate this severe risk, Universal Robots strongly recommends that all affected customers update to version 5.25.1 or newer to patch the vulnerability across all systems. If an immediate update is not feasible, other defensive measures, aligned with guidance from agencies like CISA, are advised. These measures include minimizing the network exposure of the robots by placing them behind firewalls and isolating them from general business networks. Administrators should also consider disabling the Dashboard Server in PolyScope entirely if it is not operationally required by applications. Additionally, strict segmentation between the Information Technology (IT) and Operational Technology (OT) environments is strongly recommended. More generally, experts advise keeping remote management interfaces disabled, as these interfaces frequently become high-value attack surfaces in industrial settings.
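The mitigations above, turned into a triage check over a robot inventory. This is an added example, not code from Universal Robots or the advisory; the Cobot record, the TRUSTED subnet and the sample inventory are constructed, and it assumes every PolyScope 5 release below 5.25.1 is affected.

```python
from dataclasses import dataclass, field
from ipaddress import ip_network

FIXED = (5, 25, 1)  # fixed PolyScope 5 release named in the advisory
TRUSTED = [ip_network("10.20.0.0/24")]  # assumption: the site's trusted OT hosts

@dataclass
class Cobot:  # hypothetical inventory record, not a Universal Robots format
    name: str
    polyscope: str            # installed version, e.g. "5.24.0"
    dashboard_enabled: bool
    # CIDRs the firewall lets reach the Dashboard Server port (empty = none)
    allowed_sources: list = field(default_factory=list)

def parse_version(text):
    """'5.9' -> (5, 9, 0), so 5.9 sorts below 5.25.1 (a string compare would not)."""
    parts = [int(p) for p in text.strip().split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def needs_patch(cobot):
    # Assumption: all PolyScope 5 releases below the fixed one are affected.
    v = parse_version(cobot.polyscope)
    return v[0] == 5 and v < FIXED

def untrusted_sources(cobot):
    """Allowed source ranges that are not fully inside a trusted subnet."""
    nets = [ip_network(c, strict=False) for c in cobot.allowed_sources]
    return [str(n) for n in nets if not any(
        n.version == t.version and n.subnet_of(t) for t in TRUSTED)]

def triage(cobot):
    """Return (priority, actions) following the advisory's mitigations."""
    patch, bad = needs_patch(cobot), untrusted_sources(cobot)
    # Exploitation needs the Dashboard Server enabled and its port reachable.
    exposed = cobot.dashboard_enabled and bool(bad)
    actions = []
    if patch:
        actions.append("update to 5.25.1 or newer")
    if cobot.dashboard_enabled:
        actions.append("disable Dashboard Server if no application uses it")
    if exposed:
        actions.append("restrict Dashboard Server access: " + ", ".join(bad))
    level = "urgent" if patch and exposed else "patch" if patch else "harden" if actions else "ok"
    return level, actions

# Constructed sample inventory (not real hosts).
INVENTORY = [Cobot("cell-a", "5.24.0", True, ["0.0.0.0/0"]), Cobot("cell-b", "5.9", False),
             Cobot("cell-c", "5.25.1", True, ["10.20.0.0/28"])]
if __name__ == "__main__":
    for robot in INVENTORY:
        print(robot.name, *triage(robot))
```
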