A critical security vulnerability in Airleader Master software has been disclosed by CISA, exposing industrial control systems across multiple critical infrastructure sectors to potential remote code execution attacks.
The flaw, tracked as CVE-2026-1358, affects versions up to and including 6.381 and carries a CVSS score of 9.8 (Critical), indicating severe risk to affected systems.
The vulnerability is an unrestricted upload of a file with a dangerous type: uploaded files are accepted without proper validation, allowing attackers to upload and execute malicious files on vulnerable systems.
Successful exploitation could grant attackers complete control over affected industrial control systems, potentially disrupting operations across chemical plants, manufacturing facilities, energy infrastructure, food production, healthcare systems, transportation networks, and water treatment facilities worldwide.
| CVE ID | CVSS Score | Vulnerability Type | Affected Version |
|---|---|---|---|
| CVE-2026-1358 | 9.8 (Critical) | Unrestricted Upload of File with Dangerous Type | Airleader Master ≤6.381 |
The widespread deployment of these systems across critical sectors amplifies the potential impact of this vulnerability. Organizations using affected versions face significant risks if proper defensive measures are not implemented immediately.
Security researcher Angel Lomeli of SySS GmbH discovered and reported the vulnerability to CISA, which published an advisory on February 12, 2026.
The coordinated disclosure allows organizations to understand the threat and implement protective measures before widespread exploitation occurs.
CISA has not received reports of active exploitation targeting this specific vulnerability in the wild.
Mitigation Recommendations
CISA strongly recommends organizations take immediate defensive actions to reduce exposure.
Critical measures include ensuring that control system devices are not accessible from the internet, positioning control networks behind firewalls that are isolated from business networks, and implementing secure remote access through updated VPN solutions when necessary.
Organizations should conduct thorough impact analysis and risk assessments before deploying defensive strategies.
CISA emphasizes the implementation of defense-in-depth strategies for industrial control system cybersecurity, including network segmentation, access controls, and continuous monitoring for suspicious activity.
Organizations should review CISA’s publicly available guidance on ICS security best practices and targeted cyber intrusion detection strategies.
Any organization observing suspected malicious activity should follow internal incident response procedures and report findings to CISA for correlation with other incidents.
Immediate action is crucial given the vulnerability’s critical severity and potential impact on essential infrastructure operations.




