ACCORDING to the Cybersecurity and Infrastructure Security Agency (CISA), a high‑priority alert has been issued for a maximum‑severity vulnerability in KiloView encoders, CVE‑2026‑1453, with a CVSS score of 9.8. The flaw stems from missing authentication for critical functions, effectively leaving the device’s front door unlocked so that anyone with network access can take over.
The advisory states that the vulnerability allows unauthorised users to perform administrative actions without logging in, enabling the attacker to create or delete administrator accounts and seize full administrative control over the product. Affected are Encoder Series E1 (Hardware V1.4 and V1.6.20), E1‑s (Hardware V1.4) and E2 (Hardware V1.7.20 and V1.8.20), with firmware versions including 4.7.2516, 4.8.2523 and 4.8.2611 among others.
For broadcasters, the risks include disrupted live feeds or content replacements, and the guidance urges auditing of hardware versions and applying vendor updates or isolating these devices from untrusted networks until a fix can be verified.