KiloView Encoder Account Takeover Vulnerability
Take action: Make sure all KiloView devices are isolated from the internet and accessible from trusted networks only. Then reach out to the vendor for information on any upcoming patches. At the moment, there is no patch available.
CISA issued a security advisory for a severe flaw in KiloView video encoders that enables full device takeover.
The flaw is tracked as CVE-2026-1453 (CVSS score 9.8) and is a case of missing authentication for important functions. It allows unauthenticated attackers with network access to perform administrative tasks such as creating new administrator accounts or deleting existing ones.
Multiple hardware versions are affected, including the E1, E1-s, E2, G1, P1, P2, and RE1 series video encoders, which are common in media and IT setups.
KiloView has not collaborated with CISA on this bug. There is no official software update available to the public at this time. Owners of these devices should contact KiloView support to ask for assistance or private updates.
Organizations are advised to isolate the devices from the internet and to use a Virtual Private Network (VPN) for remote access.