HomeIntelligenceBrief
VULNERABILITY BRIEF🔴 Critical Vulnerability

Critical Unauthenticated RCE (CVE-2026-2417) in Pharos Controls Mosaic Show Controller Firmware Threatens Commercial Facilities

Pharos Controls disclosed CVE‑2026‑2417, a critical unauthenticated remote‑code‑execution flaw in Mosaic Show Controller firmware 2.15.3. The vulnerability affects commercial‑facility deployments worldwide and can be leveraged to take full control of the device, posing severe operational and safety risks for third‑party venues.

LiveThreat™ Intelligence · 📅 March 25, 2026· 📰 cisa.gov
🔴
Severity
Critical
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
5 recommended
📰
Source
cisa.gov

Critical Unauthenticated RCE (CVE‑2026‑2417) in Pharos Controls Mosaic Show Controller Firmware Threatens Commercial Facilities

What It Is – Pharos Controls disclosed a Missing Authentication for Critical Function vulnerability (CVE‑2026‑2417) in Mosaic Show Controller firmware 2.15.3. An unauthenticated attacker can bypass login checks and execute arbitrary commands with root privileges.

Exploitability – The flaw is rated CVSS 3.1 9.8 (Critical). No public exploit code has been released, but the vulnerability is trivial to weaponise given network access to the device.

Affected Products – Pharos Controls Mosaic Show Controller, firmware 2.15.3 (global deployments in commercial‑facility environments).

TPRM Impact – The controller is often embedded in digital‑signage, lighting, and building‑automation systems. Compromise can lead to operational disruption, safety hazards, and downstream effects on tenants or customers that rely on the venue’s services.

Recommended Actions

  • Upgrade immediately to Mosaic Show Controller firmware 2.16 or later.
  • Segment the controller on a dedicated VLAN and restrict inbound traffic to trusted management subnets.
  • Enforce strong network‑level authentication (e.g., VPN, zero‑trust gateway) for any remote access.
  • Monitor logs for unexpected command execution or connection attempts.
  • Maintain an inventory of all deployed Mosaic controllers and verify firmware versions.

Source: CISA Advisory – ICSA‑26‑083‑01

📰 Original Source
https://www.cisa.gov/news-events/ics-advisories/icsa-26-083-01

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Every gap like this maps to a control you can evidence.

The Verisq AI Trust Operations platform maps incidents to your control framework and collects the evidence continuously — so your Trust Center shows proof, not promises, when a buyer or auditor asks.

Explore the Verisq AI Trust Operations platform →