Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/68363?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68363?format=api", "vulnerability_id": "VCID-fuzq-n4az-z3ex", "summary": "Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module (WCM) traffic during its boot window as a proxy for whether an immobilizer is fitted; if no WCM messages are observed, it skips the PIN entry screen and shows the normal user interface. An attacker who silences the WCM during the boot window — for example via a separately tracked CAN bus-off technique — can present a fully unlocked Infotainment despite the PIN never being entered. Specific timing and protocol details have been withheld pending vendor remediation.", "aliases": [ { "alias": "CVE-2026-49318" } ], "fixed_packages": [], "affected_packages": [], "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-49318", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.05057", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.05059", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-49318" }, { "reference_url": "https://cwe.mitre.org/data/definitions/696.html", "reference_id": "696.html", "reference_type": "", "scores": [ { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T14:07:21Z/" } ], "url": "https://cwe.mitre.org/data/definitions/696.html" } ], "weaknesses": [ { "cwe_id": 636, "name": "Not Failing Securely ('Failing Open')", "description": "When the product encounters an error condition or failure, its design requires it to fall back to a state that is less secure than other options that are available, such as selecting the weakest encryption algorithm or using the most permissive access control restrictions." }, { "cwe_id": 696, "name": "Incorrect Behavior Order", "description": "The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways which may produce resultant weaknesses." }, { "cwe_id": 754, "name": "Improper Check for Unusual or Exceptional Conditions", "description": "The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product." } ], "exploits": [], "severity_range_score": "1.0 - 2.4", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fuzq-n4az-z3ex" }