Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-fuzq-n4az-z3ex
SummaryIncorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module (WCM) traffic during its boot window as a proxy for whether an immobilizer is fitted; if no WCM messages are observed, it skips the PIN entry screen and shows the normal user interface. An attacker who silences the WCM during the boot window — for example via a separately tracked CAN bus-off technique — can present a fully unlocked Infotainment despite the PIN never being entered. Specific timing and protocol details have been withheld pending vendor remediation.
Aliases
0
alias CVE-2026-49318
Fixed_packages
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-49318
reference_id
reference_type
scores
0
value 0.00018
scoring_system epss
scoring_elements 0.05057
published_at 2026-06-11T12:55:00Z
1
value 0.00018
scoring_system epss
scoring_elements 0.05059
published_at 2026-06-12T12:55:00Z
2
value 0.00018
scoring_system epss
scoring_elements 0.05047
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-49318
1
reference_url https://cwe.mitre.org/data/definitions/696.html
reference_id 696.html
reference_type
scores
0
value 2.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T14:07:21Z/
url https://cwe.mitre.org/data/definitions/696.html
Weaknesses
0
cwe_id 636
name Not Failing Securely ('Failing Open')
description When the product encounters an error condition or failure, its design requires it to fall back to a state that is less secure than other options that are available, such as selecting the weakest encryption algorithm or using the most permissive access control restrictions.
1
cwe_id 696
name Incorrect Behavior Order
description The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways which may produce resultant weaknesses.
2
cwe_id 754
name Improper Check for Unusual or Exceptional Conditions
description The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.
Exploits
Severity_range_score1.0 - 2.4
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-fuzq-n4az-z3ex