CVE-2026-49318

This CVE affects the Infotainment / Digital Round display in the Indian Motorcycle Scout Bobber + Tech 2025 model year. The root cause is an incorrect behavior order during boot: the system uses the presence of Wireless Control Module (WCM) traffic as a proxy for whether an immobilizer is fitted....

EUVD-2026-33313

Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module WCM traffic during its boot window as a...

CVE-2026-49318

Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module WCM traffic during its boot window as a...

CVE-2026-49324

Uncontrolled resource consumption in the Wireless Control Module WCM of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with write access to the in-vehicle network to permanently immobilize the motorcycle. The WCM enforces a brute-force lockout on the...

CVE-2026-49323

Weak authentication between the Wireless Control Module WCM and the Engine Control Module ECM of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with read access to the in-vehicle network to recover the per-vehicle ECM immobilizer secret by passively...

CVE-2026-44237

Summary: CVE-2026-44237 affects FreePBX before 17.0.8. The api module’s OAuth2 flow does not validate client credentials during token issuance; validateClient() in ClientRepository.php unconditionally returns true. This allows any party with a valid client_id to obtain OAuth2 access tokens withou...

CVE-2026-44237 FreePBX: Authenticated Access can lead to Subsequent OAuth2 Authentication Bypass in API Module

FreePBX is an open source IP PBX. Prior to 17.0.8, the FreePBX api module's OAuth2 implementation does not sufficiently validate client credentials during token issuance. Knowledge of a valid clientid is required. The validateClient method in ClientRepository.php unconditionally returns true,...

EUVD-2026-33297

FreePBX is an open source IP PBX. Prior to 16.0.22 and 17.0.5, the Dashboard module's getcontent AJAX handler includes PHP files based on user-supplied input without path sanitization. The $REQUEST'rawname' parameter is concatenated into an include call with a .class.php suffix, allowing path...

CVE-2026-44239

Affected software : FreePBX Dashboard module (Dashboard getcontent AJAX handler). Vulnerability : Prior to 16.0.22 and 17.0.5, the handler includes PHP files based on unsanitized user input, concatenating $_REQUEST['rawname'] into an include() call with a .class.php suffix. This enables path trav...

CVE-2026-49317 Indian Scout Bobber 2025 Infotainment Digital Round skips PIN entry when WCM is silent at boot

Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module WCM traffic during its boot window as a...

CVE-2026-49317 Indian Scout Bobber 2025 Infotainment Digital Round skips PIN entry when WCM is silent at boot

Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module WCM traffic during its boot window as a...

EUVD-2026-33296

Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module WCM traffic during its boot window as a...

CVE-2026-49317

The CVE CVE-2026-49317 affects the Infotainment Digital Round on the Indian Scout Bobber + Tech 2025 model year. The vulnerability arises when the boot window relies on Wireless Control Module (WCM) traffic as a proxy for immobilizer presence. If no WCM messages are observed (e.g., by silencing W...

CVE-2026-49317

Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module WCM traffic during its boot window as a...

EUVD-2026-33293

Expected behavior violation in the in-vehicle network of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the motorcycle's anti-theft shutdown by forcing the Wireless Control Module WCM into the CAN bus-off state. Using a well-known CAN...

CVE-2026-49316 Indian Scout Bobber 2025 WCM CAN bus-off attack silently bypasses anti-theft shutdown

Expected behavior violation in the in-vehicle network of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the motorcycle's anti-theft shutdown by forcing the Wireless Control Module WCM into the CAN bus-off state. Using a well-known CAN...

CVE-2026-49316

The CVE-2026-49316 entry describes an in-vehicle CAN bus‑level fault: an adjacent-network attacker can force the Wireless Control Module (WCM) into bus‑off via a CAN error‑frame‑injection technique against periodic WCM transmissions. This drives the WCM CAN controller’s transmit error counter pas...

CVE-2026-49316

Expected behavior violation in the in-vehicle network of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the motorcycle's anti-theft shutdown by forcing the Wireless Control Module WCM into the CAN bus-off state. Using a well-known CAN...

CVE-2026-49325 Indian Scout Bobber 2025 WCM voltage-based shutdown

Improper handling of physical conditions in the bike-shutdown control of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows a physical attacker with access to the Wireless Control Module WCM wiring harness to bypass the anti-theft shutdown. The WCM signals shutdown to a peer ECU via...

CVE-2026-49325 Indian Scout Bobber 2025 WCM voltage-based shutdown

Improper handling of physical conditions in the bike-shutdown control of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows a physical attacker with access to the Wireless Control Module WCM wiring harness to bypass the anti-theft shutdown. The WCM signals shutdown to a peer ECU via...