Advisory

Pharos Controls Patches Critical Root Access Flaw in Mosaic Show Controllers

Take action: Make sure all Pharos Mosaic Show Controllers are isolated from the internet and accessible from trusted networks only. Check your version; if you are running 2.15.3, you are at risk. Plan an update of the firmware to version 2.16 or later.


Learn More

CISA and Pharos Controls, a United Kingdom-based lighting control manufacturer, released a security advisory regarding its Mosaic Show Controller. These controllers are used globally within commercial facilities to manage complex lighting installations.

The vulnerability is tracked as CVE-2026-2417 (CVSS score 9.8) and is classified as a missing authentication for critical function vulnerability. The flaw allows an unauthenticated attacker to bypass security checks and run arbitrary commands with root privileges. By sending specific network requests to the controller, an attacker can gain administrative access without providing any credentials.

Successful exploitation grants an attacker root-level access to the lighting control system. This level of access lets an attacker change show data, stop lighting operations, or use the device as a starting point to move through the connected network. In commercial environments, this can lead to operational downtime or the theft of sensitive network configuration data stored on the device.

The vulnerability impacts the Pharos Controls Mosaic Show Controller running firmware version 2.15.3.

Pharos Controls recommends that all users upgrade their Mosaic Show Controller firmware to version 2.16 or later to fix the issue.

Administrators should also reduce network exposure by making sure control systems are not reachable from the public internet. If you need remote access, use secure VPNs and place the controllers behind firewalls to keep them separate from your main business networks.
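The two checks the advisory asks for, a firmware version check against the 2.16 fixed release and a check that each controller sits on a dedicated control segment rather than the business network, can be run over an existing asset inventory. The script below is an added example, not Pharos Controls or CISA code. It assumes the operator keeps a list of controllers with IP and firmware version; the inventory entries and the control-segment ranges are constructed for illustration. The advisory names only 2.15.3 as affected, so treating every build below 2.16 as needing the update is a conservative assumption made here, not a statement from the advisory.

```python
"""Inventory triage for the Pharos Mosaic Show Controller advisory (CVE-2026-2417).

Added example, not vendor code. Flags controllers that (a) run firmware
older than the 2.16 fixed release and (b) are addressed outside the
designated lighting-control network segments.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Sequence

# 2.16 or later is the fixed release per the advisory.
FIXED_VERSION = (2, 16)


@dataclass
class Controller:
    name: str
    ip: str
    firmware: str


@dataclass
class Finding:
    name: str
    issues: List[str]


def parse_version(text: str) -> tuple:
    """Turn '2.15.3' into (2, 15, 3) so versions compare numerically,
    not as strings (where '2.9' would wrongly sort above '2.16')."""
    return tuple(int(part) for part in re.findall(r"\d+", text))


def is_vulnerable(version: str) -> bool:
    """True for any build older than 2.16. The advisory names 2.15.3;
    flagging everything below the fixed release is a conservative
    assumption of this example."""
    return parse_version(version) < FIXED_VERSION


def triage(controllers: Sequence[Controller],
           control_segments: Sequence[str]) -> List[Finding]:
    """Return one Finding per controller that needs attention."""
    nets = [ipaddress.ip_network(seg) for seg in control_segments]
    findings = []
    for ctrl in controllers:
        issues = []
        if is_vulnerable(ctrl.firmware):
            issues.append(
                f"firmware {ctrl.firmware} is below 2.16; update per CVE-2026-2417 advisory")
        addr = ipaddress.ip_address(ctrl.ip)
        if not any(addr in net for net in nets):
            issues.append(
                f"{ctrl.ip} is outside the designated control segments; "
                "move behind the control-network firewall")
        if issues:
            findings.append(Finding(ctrl.name, issues))
    return findings


# Constructed sample data: two hypothetical control VLANs and four controllers.
CONTROL_SEGMENTS = ["10.50.0.0/16", "192.168.200.0/24"]
SAMPLE_INVENTORY = [
    Controller("lobby-ctrl-01", "10.50.1.10", "2.15.3"),   # vulnerable, correctly segmented
    Controller("stage-ctrl-02", "10.50.1.11", "2.16"),     # patched
    Controller("atrium-ctrl-03", "10.20.3.7", "2.15.3"),   # vulnerable AND on the business LAN
    Controller("facade-ctrl-04", "10.50.2.5", "2.16.1"),   # patched, later build
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY, CONTROL_SEGMENTS):
        print(finding.name)
        for issue in finding.issues:
            print("  -", issue)
```

Run against a real inventory, the output is the patch and re-segmentation worklist; a controller that shows up for both reasons is the one to handle first, since an unauthenticated root flaw on a device reachable from the general business network is the scenario the advisory warns about.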