Published by CISA under advisory code ICSA-26-043-10, the flaw has been assigned CVE-2026-1358 and carries a CVSS v3 score of 9.8, indicating critical severity.
According to the advisory released on February 12, 2026, the vulnerability affects all versions of Airleader Master up to 6.381. It could allow unauthenticated attackers to execute arbitrary code on target systems remotely.
The issue arises from an unrestricted file upload weakness that allows the upload of dangerous file types that can be executed on the device.
| CVE ID | CVSS Score | Vendor | Equipment | Vulnerability Type | Affected Version |
|---|---|---|---|---|---|
| CVE-2026-1358 | 9.8 (Critical) | Airleader GmbH | Airleader Master | Unrestricted Upload of File with Dangerous Type | ≤ 6.381 |
The vulnerability resides in the file handling component of Airleader Master, developed by Germany-based Airleader GmbH.
Successful exploitation enables adversaries to gain control over vulnerable servers or network-connected systems.
Potentially disrupting operations in energy, chemical, healthcare, food and agriculture, manufacturing, transportation, and water management sectors.
CISA notes that while there are no known public exploits targeting this flaw yet, the potential for damage is significant given the global use of Airleader Master for industrial system optimization and monitoring.
CISA urges system administrators and operators of critical infrastructure to take immediate steps to reduce exposure.
Restrict network access by ensuring control systems are not available from the internet. Segment ICS networks and place them behind properly configured firewalls.
Use VPNs for remote access, but ensure they are fully updated and hardened. Conduct impact assessments and risk analyses before implementing new defensive measures.
CISA also encourages following its Industrial Control System (ICS) cybersecurity best practices.
Detailed in guidance documents like Improving ICS Cybersecurity with Defense-in-Depth Strategies and ICS-TIP-12-146-01B: Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations detecting suspicious activity associated with this vulnerability should report it to CISA for coordinated analysis and response.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Critical Airleader Vulnerability Exposes Systems to Remote Code Execution Attacks appeared first on Cyber Security News.
May 10, 2026 Imagine if the biggest, most influential businesses in this country came together…
Crimson Desert developer Pearl Abyss has released this week’s update as promised, and it adds…
It took nearly 50 years. WKRP in Cincinnati is no longer just a TV sitcom.…
The Mountain Home Area Chamber of Commerce hosted its 2026 Four-Person Scramble Golf Tournament Friday…
Growing up and spending all of his 44-years in Lead Hill and living on the…
Mountain Home Mayor Hillrey Adams says work is continuing at a rapid pace as the…
This website uses cookies.