Critical Airleader Master Software Vulnerability Exposes Industrial Control Systems to Remote Attacks
A severe security flaw in Airleader Master software, tracked as CVE-2026-1358, has been disclosed by the Cybersecurity and Infrastructure Security Agency (CISA), posing a major risk to industrial control systems (ICS) across critical infrastructure sectors. The vulnerability, rated 9.8 (Critical) on the CVSS scale, affects versions up to and including 6.381 and stems from an unrestricted file upload weakness, allowing attackers to execute malicious code remotely without proper validation.
If exploited, the flaw could grant threat actors full control over affected systems, potentially disrupting operations in chemical plants, manufacturing, energy, food production, healthcare, transportation, and water treatment facilities worldwide. The widespread deployment of Airleader Master in these sectors heightens the risk of large-scale operational disruptions.
Security researcher Angel Lomeli of SySS GmbH discovered the vulnerability, which was reported to CISA and publicly disclosed on February 12, 2026. While no active exploitation has been observed in the wild, the coordinated disclosure provides organizations time to implement protective measures.
CISA has issued mitigation recommendations, including:
- Restricting internet access to control system devices
- Isolating control networks behind firewalls
- Using secure VPN solutions for remote access
- Conducting risk assessments before deploying defenses
- Adopting defense-in-depth strategies, such as network segmentation, access controls, and continuous monitoring
Organizations are urged to review CISA’s ICS security best practices and report any suspected malicious activity. The critical severity of the flaw underscores the urgency of addressing the threat to prevent potential infrastructure disruptions.
Source: https://gbhackers.com/critical-airleader-vulnerability/
Airleader TPRM report: https://www.rankiteo.com/company/airleader
"id": "air1771237567",
"linkid": "airleader",
"type": "Vulnerability",
"date": "2/2026",
"severity": "100",
"impact": "7",
"explanation": "Attack that could injure or kill people"{'affected_entities': [{'customers_affected': 'Chemical plants, manufacturing, '
'energy, food production, '
'healthcare, transportation, and '
'water treatment facilities',
'industry': 'Industrial Control Systems',
'name': 'Airleader',
'type': 'Software Vendor'}],
'attack_vector': 'Remote Code Execution',
'date_publicly_disclosed': '2026-02-12',
'description': 'A severe security flaw in Airleader Master software, tracked '
'as CVE-2026-1358, has been disclosed by the Cybersecurity and '
'Infrastructure Security Agency (CISA), posing a major risk to '
'industrial control systems (ICS) across critical '
'infrastructure sectors. The vulnerability, rated 9.8 '
'(Critical) on the CVSS scale, affects versions up to and '
'including 6.381 and stems from an unrestricted file upload '
'weakness, allowing attackers to execute malicious code '
'remotely without proper validation. If exploited, the flaw '
'could grant threat actors full control over affected systems, '
'potentially disrupting operations in chemical plants, '
'manufacturing, energy, food production, healthcare, '
'transportation, and water treatment facilities worldwide.',
'impact': {'operational_impact': 'Potential large-scale operational '
'disruptions',
'systems_affected': 'Industrial Control Systems (ICS)'},
'investigation_status': 'Publicly disclosed, no active exploitation observed',
'post_incident_analysis': {'corrective_actions': 'Patch management, network '
'segmentation, access '
'controls, continuous '
'monitoring',
'root_causes': 'Unrestricted file upload weakness '
'in Airleader Master software'},
'recommendations': 'Review CISA’s ICS security best practices, report '
'suspected malicious activity, implement defense-in-depth '
'strategies (network segmentation, access controls, '
'continuous monitoring)',
'references': [{'source': 'Cybersecurity and Infrastructure Security Agency '
'(CISA)'},
{'source': 'SySS GmbH (Angel Lomeli)'}],
'regulatory_compliance': {'regulatory_notifications': 'CISA disclosure'},
'response': {'containment_measures': 'Restricting internet access to control '
'system devices, isolating control '
'networks behind firewalls, using secure '
'VPN solutions for remote access',
'enhanced_monitoring': 'Recommended',
'network_segmentation': 'Recommended',
'remediation_measures': 'Conducting risk assessments before '
'deploying defenses, adopting '
'defense-in-depth strategies (network '
'segmentation, access controls, '
'continuous monitoring)'},
'stakeholder_advisories': 'Organizations urged to implement CISA’s mitigation '
'recommendations',
'title': 'Critical Airleader Master Software Vulnerability Exposes Industrial '
'Control Systems to Remote Attacks',
'type': 'Vulnerability Disclosure',
'vulnerability_exploited': 'CVE-2026-1358 (Unrestricted File Upload)'}