Security News

Cybersecurity news aggregator

CRITICAL Vulnerabilities Dark Reading

Patch Now: Critical Flaw in OT Robot OS Gives Attackers Control

A critical command injection vulnerability (CVE-2026-8153, CVSS 9.8) in the Dashboard Server of Universal Robots PolyScope 5 allows unauthenticated remote attackers to execute arbitrary OS commands via user-controlled input. The vulnerability is patched in Universal Robots PolyScope version 5.14.1.

An unauthenticated attacker can exploit the command injection vulnerability to gain remote access to robotic systems, causing significant disruption to the environment.

Elizabeth Montalbano, Contributing Writer
May 20, 2026

A critical command injection vulnerability in the operating system (OS) for collaborative robots used across operational technology (OT) environments allows an unauthenticated attacker to execute commands on the system. Exploiting the flaw could threaten the integrity of the system and potentially the safety of those interacting with it.

Danish company Universal Robots has patched the vulnerability, tracked as CVE-2026-8153 and found in the Dashboard Server interface of Universal Robots PolyScope 5. The flaw exists because the Dashboard Server accepts user-controlled input and passes it to the underlying OS without proper neutralization of special elements, according to a company security advisory.

The flaw has a CVSS 3.1 base score of 9.8 and allows anyone who can reach the Dashboard Server network port to craft commands that are executed on the robot's operating system. This scenario means that an unauthenticated attacker with network access can achieve remote code execution (RCE) and compromise the controller.

Universal Robots credited Vera Mens of Claroty Team82 with discovery and responsible disclosure of the flaw, and acknowledged coordination through the Cybersecurity and Infrastructure Security Agency (CISA) and CERT/CC's VINCE platform. CISA also put out its own advisory on the vulnerability.

How CVE-2026-8153 Puts 'Cobots' at Risk

Universal Robots' PolyScope systems are collaborative robotic systems, commonly referred to as "cobots," and are deployed across manufacturing, logistics, warehousing, automotive, healthcare, and other industrial production environments.

"The flaw affects the robot controller itself, which is effectively a Linux-based computer connected directly to operational technology and physical machinery," Morey Haber, chief security advisor at BeyondTrust, tells Dark Reading.

Universal Robots has noted in its advisory that remote exploitation of CVE-2026-8153 requires the robot's Dashboard Server to be enabled in the UI, and its port must be reachable by the attacker. The company's robots are designed so that they are not accessible directly from the Internet, and companies typically have firewalls that prevent direct inbound Internet access to OT systems, according to Universal Robots.

Still, exploiting the flaw can significantly impact the PolyScope 5 robotic system's confidentiality, integrity, and availability, Haber says. That's because attackers could gain administrative-level control over the robotic controller without valid credentials and operate undetected, even over a persistent period of time, he says.

Security, Safety Concerns for OT Systems

Exploitation has implications beyond the control systems as well because in many environments, these robotic systems communicate with PLCs, manufacturing execution system (MES) platforms, ERP applications, and remote management infrastructure. This makes controllers "highly interconnected OT assets rather than isolated machines according to the manufacturer's own specifications," Haber says.

Potentially disruptive outcomes include production shutdowns, sabotage of manufacturing workflows, ransomware deployment, destruction of operational and configuration data, or manipulation of robotic precision and calibration, Haber notes.

Exploiting the flaw has not only security implications across all these systems but also safety implications, since "industrial robots bridge the digital and physical worlds," Haber notes.

"If attackers manipulate robot behavior, disable safeguards, alter programmed movements, or interrupt safety logic, the consequences move beyond cybersecurity and into human safety," he says. "A compromised cobot may no longer operate predictably around workers, assembly lines, or with hazardous materials."

This could pose not only an operational hazard, but also a critical infrastructure threat due to production outages or equipment damage, or even a physical threat to humanity via an environmental catastrophe, Haber says.

Mitigations for the PolyScope 5 Flaw

At this time, no known exploitation has occurred. Universal Robots "strongly recommends that all customers update to version 5.25.1 or newer, as soon as possible," effectively patching the vulnerability on all affected systems, according to the advisory.

If updating is not immediately available, Universal Robots recommended measures aligned with CISA's defensive guidance for control system devices, including minimizing network exposure of the robot by placing it and other control system devices behind firewalls and isolating them from business networks.

Administrators also should disable the Dashboard Server in PolyScope entirely if it is not used by an application, as well as restrict access to specific trusted hosts or subnets in the OS, Universal Robots said.

Haber also recommends "strict segmentation between IT and OT environments" as a general rule in environments using any industrial control system (ICS). He also notes the importance of keeping the Dashboard Server disabled if it's not operationally required since "remote management interfaces are the control plane for an environment and consistently become high value attack surfaces in industrial environments."
About the Author

Elizabeth Montalbano, Contributing Writer

Elizabeth Montalbano is a freelance writer, editor, and journalist with 30 years of professional experience and a master's degree from Arizona State University. Her areas of expertise include enterprise technology, cybersecurity, business, and culture. During her long career, Elizabeth has lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City. She specializes in news coverage and analysis, using her years of experience to look at the current state of cybersecurity with a critical gaze. She currently resides in a village on the southwest coast of Portugal, where in her free time she enjoys surfing, hiking with her dogs, growing plants, and playing and performing as a singer and musician.