Cyber Posture

CVE-2026-5433

Critical
Microsoft: not affectedMSmacOS: not affectedMacLinux: not affectedLnxMobile: not affectedMobNetwork: not affectedNetApplication: not affectedAppOther: affectedOth

Published: 21 May 2026

Published
21 May 2026
Modified
21 May 2026
KEV Added
Patch
CVSS Score 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0026 49.4th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-5433 is a critical-severity an unspecified weakness vulnerability in Honeywell Control Network (inferred from references). Its CVSS base score is 9.1 (Critical).

Operationally, ranked at the 49.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

NVD Description

Honeywell Control Network Module (CNM) contains command injection vulnerability in the web interface. An attacker could exploit this vulnerability via command delimiters, potentially resulting in Remote Code Execution (RCE).

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s)
None listed

Affected Products

Honeywell
Control Network
inferred from references and description; NVD did not file a CPE for this CVE

EU & UK References

Regulatory context (EU CRA / NIS2 / DORA / UK NIS Regulations)

EU Cyber Resilience Act — coordinated disclosure

Critical and high-severity vulnerabilities in products with digital elements may trigger coordinated-disclosure obligations under the EU Cyber Resilience Act (CRA, Regulation 2024/2847). Manufacturers placing products on the EU market must notify ENISA and the relevant CSIRTs without undue delay once active exploitation is known.

References