Critical RCE Vulnerability in Airleader Master Industrial Monitoring Systems
Take action: Make sure your Airleader Master is isolated from the internet and accessible only from trusted networks. Then plan a very quick update to version 6.386. If you have isolated the equipment you have a bit of breathing room, but don't forget to patch. Any isolation will be breached given enough time.
CISA and Airleader GmbH, a German industrial control system (ICS) specialist, report a critical vulnerability in the Airleader Master monitoring and optimization platform that allows unauthenticated remote code execution.
The flaw is tracked as CVE-2026-1358 (CVSS score 9.8). It is an unrestricted file upload vulnerability in the file handling component of multiple webpages running with maximum privileges. The flaw allows unauthenticated attackers to upload dangerous file types directly to the server, which the system then processes and executes.
Because Airleader Master optimizes and monitors complex industrial systems, a compromise could lead to operational disruption or physical sabotage.
The vulnerability impacts Airleader Master versions 6.381 and prior.
Organizations must upgrade to Airleader Master version 6.386 or later. CISA recommends isolating ICS networks from the internet and placing them behind firewalls to prevent external access. If remote access is necessary, administrators should use updated VPNs and perform a full risk assessment before deployment to ensure the security of connected devices.