CISA ICSA-26-043-10: Airleader Controller CVE-2026-1358 RCE Vulnerability Advisory

Critical Vulnerability Information Vulnerability Type: Remote Code Execution (RCE) Affected Industries: Chemical, Critical Manufacturing, Energy, Food and Agriculture, Healthcare and Public Health, Transportation, and other critical infrastructure sectors Scope of Impact: Global Vendor Location: Germany Recommended Mitigations: - Minimize network exposure of all control systems, ensuring they are not accessible from portable or wireless devices - Place control system networks and remote devices behind firewalls and isolate them from business networks - When remote access is required, use more secure methods such as Virtual Private Networks (VPNs) - Conduct appropriate impact analysis and risk assessment before deploying defensive measures - Implement recommended control system security practices from the ICS website - Organizations should implement recommended cybersecurity strategies for active defense of ICS - Additional mitigation guidance and recommended practices are publicly available at https://www.cisa.gov/ics - Organizations observing suspected malicious activity should follow established internal procedures and report to CISA Vulnerability Status: No public reports of specific exploits targeting this vulnerability have been identified Publisher: CISA Related Links: - Vulnerability Details: ICS Advisory ICSA-26-043-10 JSON - Web Version: ICS Advisory ICSA-26-043-10 - Web Version - Recommended Practices: ICS-ALERT-10-301-01, ICS Recommended Practices Additional Details Disclosure Scope: Unrestricted Legal Disclaimer: This product is provided under the Notification and Privacy policy at https://www.cisa.gov/notification. Terms of use are governed by the Notification and Privacy Statement. Risk Assessment: Successful exploitation of this vulnerability may allow an attacker to achieve remote code execution. No publicly available, specific exploit reports for this vulnerability have been identified. The vendor’s headquarters is located in Germany. The vulnerability was reported to CISA by SySS GmbH. The affected control system product is identified by the short name CSAIFID-0001. It is recommended to upgrade the Airleader master controller to version 6.386 or higher. CISA recommends users take defensive measures to reduce the risk of exploitation. Remediation: Airleader recommends users upgrade the Airleader master controller to version 6.386 or higher. Users should contact Airleader via email or by submitting an online form to obtain recommended mitigation steps. Scoring: CVSS v3 base score is 9.8, severity level: Critical. Product: The product status CRE includes an affected control ID CSAIFID-0001. Reference links include CWE-434 (HTML external link), CVE-2026-1358, scoring link from First.org, and contact links for Airleader. Dependencies: 434/CVE-2026-1358 (indicating the vulnerability may be related to a specific HTML issue), affecting reasoned probability based on its scoring, primarily driven by C Please select the sections you need from the summary above. If you have further questions, feel free to ask!

Goal Reached Thanks to every supporter — we hit 100%!

CISA ICSA-26-043-10: Airleader Controller CVE-2026-1358 RCE Vulnerability Advisory

More from this source