Auth bypass in Pharos Controls Mosaic Show Controller

CVE-2026-2417

A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware version 2.15.3 could allow an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privil…

Vulnerability class: Broken Authentication

EPSS: 0.002 (48.2th percentile) — read the EPSS interpretation.