CVE-2026-1507
Published: 10 February 2026
Summary
CVE-2026-1507 is a high-severity Uncaught Exception (CWE-248) vulnerability in Cisa (inferred from references). Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 23.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct remote exploitation of uncaught exception to crash services matches Endpoint DoS via application exploitation.
NVD Description
The affected products are vulnerable to an uncaught exception that could allow an unauthenticated attacker to remotely crash core PI services resulting in a denial-of-service.
Deeper analysisAI
CVE-2026-1507 is a vulnerability stemming from an uncaught exception (CWE-248) in affected products, enabling an unauthenticated attacker to remotely crash core PI services and cause a denial-of-service condition. The vulnerability received a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), highlighting its high impact on availability with no requirements for privileges or user interaction.
An unauthenticated attacker can exploit this vulnerability over the network with low complexity, triggering the uncaught exception to crash core PI services. Successful exploitation results solely in a denial-of-service, disrupting service availability without compromising confidentiality or integrity.
For mitigation details, refer to the CISA ICS advisory at https://www.cisa.gov/news-events/ics-advisories/icsa-26-041-03.
Details
- CWE(s)