CVE-2026-8108

High

Published: 12 May 2026

Published

12 May 2026

Modified

12 May 2026

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score N/A

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-8108 is a high-severity Exposed Dangerous Method or Function (CWE-749) vulnerability in Cisa (inferred from references). Its CVSS base score is 7.8 (High).

Operationally, it is not currently listed in the CISA KEV catalog.

Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

CM-7 Least Functionality

addresses: CWE-749

Explicitly prohibiting dangerous or unnecessary functions and services prevents exposure of methods that could be directly exploited.

SC-25 Thin Nodes

addresses: CWE-749

Minimal functionality removes or avoids exposure of dangerous methods and functions.

NVD Description

The installation of Fuji Tellus adds a driver to the kernel which grants all users read and write permissions.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s): CWE-749

Affected Products

Cisa

—

inferred from references and description; NVD did not file a CPE for this CVE

References

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-132-01.json
ics-cert@hq.dhs.gov
https://www.cisa.gov/news-events/ics-advisories/icsa-26-132-01
ics-cert@hq.dhs.gov