CVE-2026-28205CRITICAL 9.8EPSS p35.7%

CVE-2026-28205CVE-2026-28205

Description

OpenPLC_V3 is vulnerable to an Initialization of a Resource with an Insecure Default vulnerability which could allow an attacker to gain access to the system by bypassing authentication via an API.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.45% probability of exploitation · percentile 35.7% · 2026-06-19T12:03:05Z
Published2026-04-09
Last modified2026-04-28

Underlying weaknesses· 1

CWE-1188

References

  1. https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-10

1

TypeTargetConfidenceTier
WeaknessInitialization of a Resource with an Insecure Defaultcwe-11880%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-35063
CVE
CVE-2025-1066
CVE
CVE-2025-13970
CVE
CVE-2026-25293
CVE
CVE-2025-41648
CVE
CVE-2026-24790
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.