CVE-2026-8046— Incorrect Authorization in CODESYS Control

CVSS 8.1 · High EPSS 0.35% · P26 Updated May 26, 2026

Possible ATT&CK Techniques 1AI

Affected Version Matrix 16

Vendor	Product	Version Range	Status
CODESYS	CODESYS Control for BeagleBone SL	`3.0.0.0< 4.21.0.0`	affected
CODESYS	CODESYS Control for emPC-A/iMX6 SL	`3.0.0.0< 4.21.0.0`	affected
CODESYS	CODESYS Control for IOT2000 SL	`3.0.0.0< 4.21.0.0`	affected
CODESYS	CODESYS Control for Linux ARM SL	`3.0.0.0< 4.21.0.0`	affected
CODESYS	CODESYS Control for Linux SL	`3.0.0.0< 4.21.0.0`	affected
CODESYS	CODESYS Control for PFC100 SL	`3.0.0.0< 4.21.0.0`	affected
CODESYS	CODESYS Control for PFC200 SL	`3.0.0.0< 4.21.0.0`	affected
CODESYS	CODESYS Control for PLCnext SL	`3.0.0.0< 4.21.0.0`	affected
CODESYS	CODESYS Control for Raspberry Pi SL	`3.0.0.0< 4.21.0.0`	affected
CODESYS	CODESYS Control for WAGO Touch Panels 600 SL	`3.0.0.0< 4.21.0.0`	affected
CODESYS	CODESYS Control RTE (for Beckhoff CX) SL	`3.0.0.0< 3.5.22.20`	affected
CODESYS	CODESYS Control RTE (SL)	`3.0.0.0< 3.5.22.20`	affected
CODESYS	CODESYS Control Win (SL)	`3.0.0.0< 3.5.22.20`	affected
CODESYS	CODESYS HMI (SL)	`3.0.0.0< 3.5.22.20`	affected
CODESYS	CODESYS Runtime Toolkit	`3.0.0.0< 3.5.22.20`	affected
CODESYS	CODESYS Virtual Control SL	`3.0.0.0< 4.21.0.0`	affected

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-8046

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Incorrect Authorization in CODESYS Control

Source: NVD (National Vulnerability Database)

Vulnerability Description

The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

授权机制不正确

Source: NVD (National Vulnerability Database)

Vulnerability Title

CODESYS多款产品安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

CODESYS等都是德国CODESYS公司的产品。CODESYS是一个工业控制自动化软件。CODESYS HMI是一个可视化软件。CODESYS Control RTE是一个高性能可编程控制器。 CODESYS多款产品存在安全漏洞，该漏洞源于删除用户账户时未充分验证授权，可能导致认证的低权限远程用户删除其他用户，包括具有更高权限的用户。以下产品受到影响：CODESYS Control RTE (SL)、CODESYS Control RTE (for Beckhoff CX) SL、CODESYS Con

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
CODESYS	CODESYS Control RTE (SL)	3.0.0.0 ~ 3.5.22.20	-
CODESYS	CODESYS Control RTE (for Beckhoff CX) SL	3.0.0.0 ~ 3.5.22.20	-
CODESYS	CODESYS Control Win (SL)	3.0.0.0 ~ 3.5.22.20	-
CODESYS	CODESYS HMI (SL)	3.0.0.0 ~ 3.5.22.20	-
CODESYS	CODESYS Runtime Toolkit	3.0.0.0 ~ 3.5.22.20	-
CODESYS	CODESYS Control for BeagleBone SL	3.0.0.0 ~ 4.21.0.0	-
CODESYS	CODESYS Control for emPC-A/iMX6 SL	3.0.0.0 ~ 4.21.0.0	-
CODESYS	CODESYS Control for IOT2000 SL	3.0.0.0 ~ 4.21.0.0	-
CODESYS	CODESYS Control for Linux ARM SL	3.0.0.0 ~ 4.21.0.0	-
CODESYS	CODESYS Control for Linux SL	3.0.0.0 ~ 4.21.0.0	-
CODESYS	CODESYS Control for PFC100 SL	3.0.0.0 ~ 4.21.0.0	-
CODESYS	CODESYS Control for PFC200 SL	3.0.0.0 ~ 4.21.0.0	-
CODESYS	CODESYS Control for PLCnext SL	3.0.0.0 ~ 4.21.0.0	-
CODESYS	CODESYS Control for Raspberry Pi SL	3.0.0.0 ~ 4.21.0.0	-
CODESYS	CODESYS Control for WAGO Touch Panels 600 SL	3.0.0.0 ~ 4.21.0.0	-
CODESYS	CODESYS Virtual Control SL	3.0.0.0 ~ 4.21.0.0	-

II. Public POCs for CVE-2026-8046

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-8046

请登录查看更多情报信息。

Vendor Advisories for CVE-2026-8046 (1)

🔗 CODESYS Control - Incorrect Authorization Read full article

https://nvd.nist.gov/vuln/detail/CVE-2026-8046

Same Patch Batch · CODESYS · 2026-05-26 · 4 CVEs total

CVE-2026-44469	7.8 HIGH	Incorrect Default Permissions in CODESYS Development System
CVE-2026-44468	7.8 HIGH	Incorrect Default Permissions in CODESYS Development System
CVE-2026-8047	7.5 HIGH	Out-of-bounds Write in CODESYS Control

IV. Related Vulnerabilities

Same product: CODESYS Control RTE (SL)

Same vendor: CODESYS

Same weakness: CWE-863

V. Comments for CVE-2026-8046

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-8046— Incorrect Authorization in CODESYS Control

Possible ATT&CK Techniques 1AI

Affected Version Matrix 16

I. Basic Information for CVE-2026-8046

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-8046

III. Intelligence Information for CVE-2026-8046

Vendor Advisories for CVE-2026-8046 (1)

Same Patch Batch · CODESYS · 2026-05-26 · 4 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2026-8046

Leave a comment