PatchSiren cyber security CVE debrief
CVE-2026-27785 Milesight CVE debrief
CISA’s advisory ICSA-26-113-03 says specific Milesight AIOT camera firmware versions contain hard-coded credentials. Milesight recommends updating affected devices to the fixed firmware releases listed in the advisory; the supplied enrichment does not include a KEV entry.
- Vendor
- Milesight
- Product
- MS-Cxx63-PD
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-04-23
- Original CVE updated
- 2026-04-23
- Advisory published
- 2026-04-23
- Advisory updated
- 2026-04-23
Who should care
Milesight camera operators, physical security and OT/ICS teams, vulnerability management, and integrators responsible for affected deployments.
Technical summary
The issue is a hard-coded credentials weakness (CWE-798) in specific Milesight AIOT camera firmware branches spanning many product families. The supplied advisory lists model-specific firmware versions that are affected and provides vendor-fixed releases; the CVSS vector is CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, yielding a score of 8.8 (High).
Defensive priority
High
Recommended defensive actions
- Inventory Milesight camera models and firmware versions, then compare them to the affected and fixed versions listed in CISA’s advisory.
- Prioritize firmware upgrades to the vendor-fixed releases or the latest firmware available from Milesight’s support portal.
- Review authentication exposure on management interfaces and remove or rotate any credentials that may have been embedded, reused, or shared across devices.
- Restrict access to camera administration networks with segmentation, VPN, and least-privilege controls, especially where adjacent-network access is possible.
- Check logs and device management telemetry for unexpected logins or configuration changes, and validate that patched devices remain on approved firmware after maintenance.
- Use the CISA advisory and vendor firmware guidance as the source of truth before rollout, since the source corpus marks the product mapping as low confidence and needs review.
Evidence notes
Primary source is CISA CSAF advisory ICSA-26-113-03, published 2026-04-23T06:00:00Z and modified the same time in the supplied corpus. The corpus states the problem is hard-coded credentials in specific Milesight AIOT camera firmware versions and provides vendor remediation to update to fixed firmware. The supplied enrichment does not mark this as KEV, and no public exploitation details are included in the corpus. The source mapping is marked low confidence/needs review, so product scope and fixed-version matching should be validated against the vendor firmware page.
Official resources
-
CVE-2026-27785 CVE record
CVE.org
-
CVE-2026-27785 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed by CISA in advisory ICSA-26-113-03 on 2026-04-23. The supplied enrichment does not include KEV listing or a known ransomware-campaign flag.