
CVE-2026-27785

High

Published: 28 April 2026
Modified: 28 April 2026
CISA KEV: not listed

CVSS v4.0 base score: 7.7 (High)
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score: 0.0022 (13.0th percentile)
Risk Priority: 55 (floored blend, peak EPSS)

Summary

CVE-2026-27785 is a high-severity Use of Hard-coded Credentials (CWE-798) vulnerability in specific versions of Milesight AIOT camera firmware. Its CVSS v4.0 base score is 7.7 (High); under CVSS v3.1 the same issue scores 8.8 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Default Accounts (T1078.001). EPSS ranks it at the 13.0th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-27785 is a vulnerability in specific versions of Milesight AIOT camera firmware, which contain hard-coded credentials (CWE-798: Use of Hard-coded Credentials). Published on 2026-04-28, it carries a CVSS v3.1 base score of 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H): the attacker must be on an adjacent network, but needs no privileges and no user interaction, and a successful exploit has high impact on confidentiality, integrity and availability.

An attacker with adjacent network access, for example on the same LAN segment or wireless network as the camera, can authenticate with the embedded credentials directly; no exploit chain, privileges or user interaction is needed. Because the credentials are baked into the firmware image, they are identical on every device running an affected build and cannot be rotated by the operator, so a single disclosure exposes the whole fleet until it is updated. Successful authentication grants full control of the camera, with high impact on confidentiality, integrity and availability. Since the attack vector is adjacent, isolating camera VLANs from general-purpose networks limits who can reach the device while patching is in progress.

CISA's ICS advisory ICSA-26-113-03 (https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-03) and its CSAF JSON (https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-113-03.json) provide further guidance, including the affected firmware versions. Milesight publishes the fixed firmware at https://www.milesight.com/support/download/firmware.
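As an added example (not Milesight's, CISA's or this page's own code), the following Python script shows the kind of check that surfaces CWE-798 in a firmware image: it pulls printable strings out of a raw blob and flags /etc/shadow entries that carry a usable hash, htpasswd-style user:hash lines, and password-like configuration assignments. The blob, account names, hashes and values are constructed for the example; on a real image you would unpack the filesystem first (for instance with binwalk) and run the scan over the extracted files.

```python
"""Scan a raw firmware blob for hard-coded credentials (CWE-798).

Added example, not Milesight's, CISA's or this page's code. In practice you
unpack the image first (e.g. binwalk -e) and point scan() at the extracted
root filesystem; SAMPLE_BLOB below is a constructed stand-in.
"""
import re
from dataclasses import dataclass

# Constructed sample blob: binary padding around text fragments that a real
# root filesystem might carry. Every name, hash and value here is made up.
SAMPLE_BLOB = (
    b"\x7fELF\x01\x01\x01\x00" * 4
    + b"root:$1$abcdefgh$ZXCVBNMasdfghjklqwertyu0:19000:0:99999:7:::\n"
    + b"daemon:*:19000:0:99999:7:::\n"
    + b"\x00\xff\xfe" * 8
    + b"admin:$apr1$saltsalt$LKJHGFDSAmnbvcxzpoiuytr1\n"
    + b"\x00" * 16
    + b'cloud_password="CameraCloud2024"\n'
    + b"retry_count=5\n"
    + b"\x00\x00"
)

# /etc/shadow: user:hash:lastchg:min:max:warn:inactive:expire:flag
SHADOW_LINE = re.compile(
    r"^([a-z_][a-z0-9_-]*):([^:\n]*):\d*:\d*:\d*:\d*:[^:\n]*:[^:\n]*:[^:\n]*$"
)
# Apache/nginx htpasswd and similar "user:$id$salt$hash" files.
HTPASSWD_LINE = re.compile(r"^([a-z_][a-z0-9_-]*):(\$(?:1|apr1|5|6|2[aby])\$\S+)$")
# key=value or key="value" assignments in shell/ini style config files.
KEY_VALUE = re.compile(r'^\s*([A-Za-z_][A-Za-z0-9_.]*)\s*=\s*"?([^"\n]+?)"?\s*$')
SECRET_KEY = re.compile(r"pass(word|wd)?|secret|token|api_?key", re.I)


@dataclass(frozen=True)
class Finding:
    kind: str      # shadow-hash | htpasswd-hash | config-secret
    account: str   # user name or config key
    value: str     # the embedded hash or secret


def printable_lines(blob: bytes, min_len: int = 6):
    """Yield runs of printable ASCII at least min_len long, split at newlines."""
    for run in re.finditer(rb"[\x20-\x7e\n]{%d,}" % min_len, blob):
        for line in run.group().decode("ascii").split("\n"):
            if len(line) >= min_len:
                yield line


def scan(blob: bytes):
    """Return the credential findings in blob, in order of appearance."""
    findings = []
    for line in printable_lines(blob):
        m = SHADOW_LINE.match(line)
        if m:
            user, hash_field = m.group(1), m.group(2)
            # An empty field, "*" or a leading "!" means the account cannot
            # log in with a password; anything else is a usable baked-in hash.
            if hash_field and not hash_field.startswith(("*", "!")):
                findings.append(Finding("shadow-hash", user, hash_field))
            continue
        m = HTPASSWD_LINE.match(line)
        if m:
            findings.append(Finding("htpasswd-hash", m.group(1), m.group(2)))
            continue
        m = KEY_VALUE.match(line)
        if m and SECRET_KEY.search(m.group(1)):
            findings.append(Finding("config-secret", m.group(1), m.group(2)))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_BLOB):
        print(f"{f.kind:14} {f.account:16} {f.value}")
```

Every hit needs manual triage: a shadow hash for a locked-down service account is noise, while a usable hash for root or a web-admin account that the device UI does not let you change is exactly the CWE-798 condition this CVE describes.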

Vulnerability details

Specific firmware versions of Milesight AIOT camera firmware contain hard-coded credentials.

CWE(s)

CWE-798: Use of Hard-coded Credentials

Related Threats

MITRE ATT&CK Enterprise Techniques

T1078.001 Default Accounts
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
Why these techniques?

Hard-coded credentials (CWE-798) in the device firmware behave exactly like a default account: an adjacent-network attacker who knows them authenticates as a valid user without any exploit chain and obtains full control of the device.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
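As an added example of what T1078.001 looks like from the defender's side (not code from this page, Milesight or CISA), the script below runs a simple detection over constructed camera authentication log lines: a successful login to a built-in account such as admin or root from an address outside the management network is raised as an alert. The log format, hostnames, addresses and the management subnet are assumptions for the example; real Milesight logs will differ and the parser would need adjusting.

```python
"""Detect successful logins to built-in/default accounts from outside the
management network (ATT&CK T1078.001). Added example, not vendor or CISA
code; the log format and all addresses below are constructed."""
import ipaddress
import re
from dataclasses import dataclass

# Assumed: accounts that ship in the firmware rather than being created by
# the operator. Tune to the device's actual built-in account list.
DEFAULT_ACCOUNTS = {"admin", "root", "guest", "operator"}
# Assumed management subnet from which interactive logins are expected.
MGMT_NETS = [ipaddress.ip_network("10.20.30.0/24")]

# Constructed log format: "<ts> <host> webauth: <result> user=<u> src=<ip>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) webauth: (?P<result>LOGIN_OK|LOGIN_FAIL) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

SAMPLE_LOG = """\
2026-04-29T10:01:02Z cam-lobby webauth: LOGIN_OK user=ops.jane src=10.20.30.15
2026-04-29T10:03:44Z cam-lobby webauth: LOGIN_FAIL user=admin src=10.20.31.7
2026-04-29T10:03:45Z cam-lobby webauth: LOGIN_OK user=admin src=10.20.31.7
2026-04-29T10:05:00Z cam-dock webauth: LOGIN_OK user=root src=192.168.1.50
2026-04-29T10:06:10Z cam-dock webauth: LOGIN_OK user=admin src=10.20.30.2
not a log line at all
"""


@dataclass(frozen=True)
class Alert:
    ts: str
    host: str
    user: str
    src: str


def detect(log_text: str, mgmt_nets=MGMT_NETS):
    """Return an Alert for each successful default-account login whose
    source address is not inside any of the management networks."""
    alerts = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these
        if m["result"] != "LOGIN_OK" or m["user"] not in DEFAULT_ACCOUNTS:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # malformed address; not worth alerting on here
        if any(src in net for net in mgmt_nets):
            continue  # expected management traffic
        alerts.append(Alert(m["ts"], m["host"], m["user"], m["src"]))
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"{a.ts} {a.host}: default account '{a.user}' logged in from {a.src}")
```

The rule is deliberately narrow: it does not fire on failed attempts, so a brute-force attempt is left to a separate threshold rule, and a successful login from the management subnet is treated as routine. With hard-coded credentials there is no failed-attempt noise to lean on, which is why the source-address check carries the detection.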

CVEs Like This One

CVE-2026-26218 (shared CWE-798)
CVE-2026-22900 (shared CWE-798)
CVE-2024-51547 (shared CWE-798)
CVE-2024-46433 (shared CWE-798)
CVE-2019-25322 (shared CWE-798)
CVE-2020-37135 (shared CWE-798)
CVE-2026-24346 (shared CWE-798)
CVE-2026-25803 (shared CWE-798)
CVE-2025-33089 (shared CWE-798)
CVE-2026-29119 (shared CWE-798)

Affected Assets

Milesight AIOT camera firmware, specific versions (see ICSA-26-113-03 for the affected builds)
NVD did not file a CPE for this CVE, so the affected product is inferred from the advisory references and the vulnerability description.

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent)

Directly remediates the hard-coded credentials through timely application of the vendor-provided firmware update. This is the only control that actually removes the credential from the device.

IA-5 Authenticator Management (prevent)

Requires management of authenticators, including changing default credentials. Note the limit: a credential hard-coded in firmware cannot be changed by the operator, so this control mitigates only where the device exposes the account for rotation or disablement.

Account management (prevent)

Enables identification, modification, or disabling of accounts associated with hard-coded credentials to limit unauthorized access.

References

CISA ICS Advisory ICSA-26-113-03: https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-03
CSAF JSON for ICSA-26-113-03: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-113-03.json
Milesight firmware downloads: https://www.milesight.com/support/download/firmware