CRITICAL
Carlson Software
CVE published 2026-04-23
CVE-2026-3893
CVE-2026-3893 is a critical authentication failure in the Carlson Software VASCO-B GNSS Receiver <1.4.0. According to the CISA advisory, the device lacks an authentication mechanism, so an attacker with network access can directly access and modify configuration and operational functions without credentials. Carlson Software recommends updating to Version 1.4.0 or later.