CRITICAL

CVE-2026-41551

CWE-23 · Published: May 12, 2026 · Updated: May 12, 2026

CVSS v3.1: 9.1
EPSS: 0.05% probability of exploitation in 30 days (percentile: 15.0th)

Official Description

A vulnerability has been identified in ROS# (All versions < V2.2.2). Affected versions contain a path traversal vulnerability because user input is not properly sanitized.

This could allow a remote attacker to access arbitrary files on the device.

NVD Source

Technical Analysis

CVE-2026-41551 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.

The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.

A successful exploit results in a complete breach of confidentiality (data exposure) and a full compromise of integrity (data manipulation); the CVSS base score is 9.1.

CVSS v3.1 Vector Breakdown

Exploitability
Attack Vector: Network
Attack Complexity: Low
Privileges Req.: None
User Interaction: None
Scope: Unchanged
Impact
Confidentiality: High
Integrity: High
Availability: None
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploit & PoC Resources

NO KNOWN EXPLOIT: No public exploit confirmed at this time

News & Research Mentioning CVE-2026-41551

Siemens Siemens ROS#
CISA Alerts · May 14, 2026

Summary: ROS# contains a ROS service file_server, that before version 2.2.2 contains a path traversal vulnerability which could allow an attacker to access, i.e. read and write, arbitrary files, which are accessible with the user rights of the user that runs the service, on the system that hosts service. Siemens has released a new version for ROS# and recommends to update to the latest version.

The following versions of Siemens Siemens ROS# are affected: ROS# vers:intdot/<2.2.2

CVSS: v3 9.1
Vendor: Siemens
Equipment: Siemens Siemens ROS#
Vulnerabilities: Relative Path Traversal

Background
Critical Infrastructure Sectors: Critical Manufacturing
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Germany

Quick Facts

CVE ID: CVE-2026-41551
CVSS Score: 9.1 / 10
Severity: CRITICAL
Weakness: CWE-23
CISA KEV: No
EPSS (30d): 0.05%
Published: May 12, 2026

Known Threat Actors

core
financial

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-41551 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.