CVE-2026-24790

High

Published: 20 February 2026

Published

20 February 2026

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

EPSS Score 0.0011 29.0th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-24790 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Cisa (inferred from references). Its CVSS base score is 8.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 29.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-17 (Remote Access).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-14 Permitted Actions Without Identification or Authentication good match

prevent

AC-14 directly addresses missing authentication for critical functions by requiring identification of actions allowable without authentication and authorization of such actions, preventing unauthorized remote influence of the PLC.

AC-17 Remote Access good match

prevent

AC-17 mandates authorization, monitoring, and protection of remote access, countering the vulnerability's network-accessible remote influence without safeguards.

AC-3 Access Enforcement good match

prevent

AC-3 enforces approved access authorizations, blocking unauthorized modifications and disruptions to PLC operations resulting from lack of authentication.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

The vulnerability allows unauthenticated remote exploitation of a network-accessible PLC due to missing authentication (CWE-306), directly mapping to T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication.

Deeper analysisAI

CVE-2026-24790 is a vulnerability (CWE-306: Missing Authentication for Critical Function) in the underlying Programmable Logic Controller (PLC) of the device, which allows remote influence without proper safeguards or authentication. Published on 2026-02-20T17:25:51.313, it has a CVSS v3.1 base score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L), indicating high severity due to network accessibility, low attack complexity, and no requirements for privileges or user interaction.

Remote attackers with network access to the affected device can exploit this vulnerability without authentication to influence the PLC's operations. Successful exploitation enables high-impact integrity violations, such as unauthorized modifications to PLC functions, alongside low-impact availability disruptions, while confidentiality remains unaffected.

CISA ICS Advisory ICSA-26-050-04, detailed at https://www.cisa.gov/news-events/ics-advisories/icsa-26-050-04 and in CSAF format at https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-050-04.json, provides mitigation guidance; vendor contact information is available at https://www.welker.com/contact-us/welker-team.