Fourth Frontier Frontier X Mobile App Authentication Bypass (CVE-2026-5768)

Vulnerability Overview Vulnerability Name: Fourth Frontier Frontier X Mobile Application, Frontier X2 Release Date: May 28, 2026 Alert Code: ICSMA-26-148-01 CVSS Score: v3 8.8 Vendor: Fourth Frontier Device: Fourth Frontier Frontier X Mobile Application, Frontier X2 Vulnerability Type: Missing Critical Function Authentication Impact Scope Affected Versions: - Frontier X Android application vers < v15.0.0 - Frontier X iOS application vers < v25.0.0 - Frontier X2 vers: all Critical Infrastructure Sector: Healthcare and Public Health Deployed Countries and Regions: Global Company Headquarters Location: United States Mitigation Recommended Practices: - Minimize network exposure by ensuring all control system devices and/or systems are not accessible from the internet. - Place control system networks and remote devices behind firewalls and isolate them from business networks. - When remote access is required, use more secure communication methods such as Virtual Private Networks (VPNs) and ensure the VPN is updated to the latest version. - Perform appropriate impact analysis and risk assessment before deploying mitigations. - Implement recommended cybersecurity strategies to proactively defend ICS assets. - Organizations should follow internal procedures to report suspicious malicious activity and submit findings to CISA for tracking and correlation analysis. Additional Information Background: - Successful exploitation of this vulnerability could allow an attacker to read and write arbitrary handle values and change clinical readings, leading to device control and potentially causing patient harm. Vulnerability ID: CVE-2026-5768 Acknowledgements: Shakir Zari and Jerin Sunny reported this vulnerability to CISA. Revision History Initial Release Date: May 28, 2026 Revision: 1 Summary: Initial release Tags Sector: Healthcare and Public Health Sector Topic: Industrial Control System Vulnerability, Industrial Control Systems Related Advisories Eppendorf BioFlo 320 Grassroots DICOM (GDCM) ZOLL ePCR iOS Mobile Application WHILL Model C2 Electric Wheelchairs and Model F Power Chairs (Update A) Legal Notice and Terms of Use This product is subject to this notice and the privacy and usage policy. Feedback Please share your thoughts. We have recently updated our anonymous product survey and welcome your feedback. Contact Information CISA Central: 1-844-Say-CISA Email: contact@cisa.dhs.gov Official Website CISA.gov: Official website of the U.S. Department of Homeland Security Other Links About CISA: Budget and Performance, DHS.gov, FOIA requests No FEAR Act: Office of Inspector General, Privacy Policy, Subscribe The White House: USA.gov, Website Feedback Social Media Facebook: [Icon] X: [Icon] LinkedIn: [Icon] RSS: [Icon] Footer CISA.gov: Official website of the U.S. Department of Homeland Security Footer Links About CISA: Budget and Performance, DHS.gov, FOIA requests No FEAR Act: Office of Inspector General, Privacy Policy, Subscribe The White House: USA.gov, Website Feedback Footer Social Media Facebook: [Icon] X: [Icon] LinkedIn: [Icon] RSS: [Icon] Footer Contact CISA Central: 1-844-Say-CISA Email: contact@cisa.dhs.gov Footer Official Website CISA.gov: Official website of the U.S. Department of Homeland Security Footer Other Links About CISA: Budget and Performance, DHS.gov, FOIA requests No FEAR Act: Office of Inspector General, Privacy Policy, Subscribe The White House: USA.gov, Website Feedback Footer Social Media Facebook: [Icon] X: [Icon] LinkedIn: [Icon] RSS: [Icon] Footer Contact CISA Central: 1-844-Say-CISA Email: contact@cisa.dhs.gov Footer Official Website CISA.gov: Official website of the U.S. Department of Homeland Security Footer Other Links About CISA: Budget and Performance, DHS.gov, FOIA requests No FEAR Act: Office of Inspector General, Privacy Policy, Subscribe The White House: USA.gov, Website Feedback Footer Social Media Facebook: [Icon] X: [Icon] LinkedIn: [Icon] RSS: [Icon] Footer Contact CISA Central: 1-844-Say-CISA Email: contact@cisa.dhs.gov Footer Official Website CISA.gov: Official website of the U.S. Department of Homeland Security Footer Other Links About CISA: Budget and Performance, DHS.gov, FOIA requests No FEAR Act: Office of Inspector General, Privacy Policy, Subscribe The White House: USA.gov, Website Feedback Footer Social Media Facebook: [Icon] X: [Icon] LinkedIn: [Icon] RSS: [Icon] Footer Contact CISA Central: 1-844-Say-CISA Email: contact@cisa.dhs.gov Footer Official Website CISA.gov: Official website of the U.S. Department of Homeland Security Footer Other Links About CISA: Budget and Performance, DHS.gov, FOIA requests No FEAR Act: Office of Inspector General, Privacy Policy, Subscribe The White House: USA.gov, Website Feedback Footer Social Media Facebook: [Icon] X: [Icon] LinkedIn: [Icon] RSS: [Icon] Footer Contact CISA Central: 1-844-Say-CISA Email: contact@cisa.dhs.gov Footer Official Website CISA.gov: Official website of the U.S. Department of Homeland Security Footer Other L

Goal Reached Thanks to every supporter — we hit 100%!

Fourth Frontier Frontier X Mobile App Authentication Bypass (CVE-2026-5768)

More from this source