CVE-2026-28205

Summary

OpenPLC_V3 is vulnerable to an Initialization of a Resource with an Insecure Default vulnerability which could allow an attacker to gain access to the system by bypassing authentication via an API.

Affected Software

VendorProductVersion RangeStatus
OpenPLC_V3OpenPLC_V3All versionsaffected

Weaknesses

  • CWE-1188: CWE-1188 Initialization of a resource with an insecure default

Workarounds

OpenPLC_v3 is now considered to be end of life. Users are recommended to upgrade to OpenPLC Runtime v4 ( https://github.com/autonomy-logic/openplc-runtime ).

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References