CVE-2026-1453

Critical

Published: 29 January 2026

Published

29 January 2026

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0011 28.8th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

A missing authentication for critical function vulnerability in KiloView Encoder Series could allow an unauthenticated attacker to create or delete administrator accounts. This vulnerability can grant the attacker full administrative control over the product.

Mitigating Controls (NIST 800-53 r5)AI

AC-14 Permitted Actions Without Identification or Authentication good match

prevent

AC-14 directly identifies, authorizes, and monitors critical actions like administrator account creation or deletion that are permitted without identification or authentication, mitigating the core missing authentication vulnerability.

AC-2 Account Management good match

prevent

AC-2 enforces management of accounts including creation and deletion only by authorized personnel, preventing unauthenticated attackers from gaining administrative control via unauthorized account modifications.

IA-2 Identification and Authentication (Organizational Users) good match

prevent

IA-2 requires unique identification and authentication for users accessing system functions, directly countering the lack of authentication for critical administrator account operations.

Security SummaryAI

CVE-2026-1453 is a missing authentication for critical function vulnerability (CWE-306) in the KiloView Encoder Series. This flaw allows an unauthenticated attacker to create or delete administrator accounts, potentially granting full administrative control over the affected product. Published on 2026-01-29, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), classifying it as critical.

An unauthenticated attacker with network access can exploit this vulnerability due to low attack complexity and no user interaction or privileges required. Successful exploitation enables the creation or deletion of administrator accounts, resulting in high impacts to confidentiality, integrity, and availability, and providing the attacker with complete control over the device.

Mitigation guidance is provided in CISA ICS Advisory ICSA-26-029-01, available at https://www.cisa.gov/news-events/ics-advisories/icsa-26-029-01, along with the corresponding CSAF JSON file at https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-029-01.json.

Details

CWE(s): CWE-306

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Missing authentication in a network-accessible management function allows unauthenticated remote exploitation of a public-facing application to create/delete admin accounts and gain full control.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-029-01.json
ics-cert@hq.dhs.gov
https://www.cisa.gov/news-events/ics-advisories/icsa-26-029-01
ics-cert@hq.dhs.gov