PatchSiren cyber security CVE debrief
CVE-2026-8108 Raw CVE debrief
CVE-2026-8108 is a high-severity local privilege-related issue affecting Fuji Electric Tellus 5.0.2. According to the CISA CSAF advisory, installing Tellus adds a kernel driver that grants all users read and write permissions, which can undermine system integrity and confidentiality. The advisory was published on 2026-05-12 and does not appear in CISA KEV at this time.
- Vendor
- Raw
- Product
- Fuji Electric Tellus 5.0.2
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-12
- Original CVE updated
- 2026-05-12
- Advisory published
- 2026-05-12
- Advisory updated
- 2026-05-12
Who should care
Organizations running Fuji Electric Tellus 5.0.2, especially industrial control or operations teams that install or maintain the software on shared or production systems. Security teams responsible for local privilege hardening and software deployment controls should also review this advisory.
Technical summary
The supplied advisory describes a kernel driver installed by Fuji Tellus that grants all users read and write permissions. The published CVSS vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating a locally reachable issue requiring low privileges but with high impact if abused. CISA’s remediation notes specify that Fuji Electric recommends installing Tellus only with administrator privileges.
Defensive priority
High. The issue is locally exploitable, requires low privileges, and is rated HIGH with full confidentiality, integrity, and availability impact in the supplied scoring. Prioritize deployment restrictions and least-privilege controls on any affected systems.
Recommended defensive actions
- Confirm whether Fuji Electric Tellus 5.0.2 is installed anywhere in your environment.
- Restrict installation of Tellus to trusted administrative users only, as recommended in the advisory.
- Review local privilege and file-permission controls on affected hosts to reduce the impact of over-permissive drivers.
- If the product is required, place affected systems under enhanced monitoring for unexpected file or configuration changes.
- Validate the advisory and vendor guidance before making changes in production OT/ICS environments.
Evidence notes
All substantive claims here are taken from the supplied CISA CSAF source item and its metadata: the product is Fuji Electric Tellus 5.0.2, the advisory describes a kernel driver granting all users read/write permissions, and the remediation says installation should be limited to administrator privileges. The published date used for timing context is 2026-05-12. No KEV entry is present in the supplied enrichment data.
Official resources
-
CVE-2026-8108 CVE record
CVE.org
-
CVE-2026-8108 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Public advisory published by CISA on 2026-05-12. The supplied data indicates no Known Exploited Vulnerabilities listing at the time represented here.