What is CVE-2026-25086?

CVE-2026-25086 is a high-severity vulnerability in Automated Logic Webctrl Premium Server, classified under CWE-605. CVSS score: 7.7/10. Published 2026-03-20.

How severe is CVE-2026-25086?

High severity. CVSS v3 base score is 7.7 out of 10.

Vulnerability in Automated Logic Webctrl Premium Server

CVE-2026-25086

Under certain conditions, an attacker could bind to the same port used by WebCTRL. This could allow the attacker to craft and send malicious packets and impersonate the WebCTRL service without requiring code injection into the WebCTRL s…

EPSS: 0.000 (6.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.7 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N.

Affected products

Automated Logic Webctrl Premium Server — versions 0

Weakness classification (CWE)

CWE-605

References

www.automatedlogic.com/en/company/security-commitment/
www.cisa.gov/news-events/ics-advisories/icsa-26-078-08
github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-078-08.js…

Frequently asked questions

What is CVE-2026-25086?: CVE-2026-25086 is a high-severity vulnerability in Automated Logic Webctrl Premium Server, classified under CWE-605. CVSS score: 7.7/10. Published 2026-03-20.
How severe is CVE-2026-25086?: High severity. CVSS v3 base score is 7.7 out of 10.