A critical vulnerability, identified as CVE-2026-4769, has been discovered in WAGO System I/O field devices, rated with a CVSS score of 9.8, indicating severe security risks due to unauthenticated access to internal diagnostic interfaces. This flaw allows remote attackers to potentially compromise the system during an undocumented early-boot phase.
Although there are currently no confirmed exploits in the wild, users are strongly advised to update their devices to patched firmware versions (e.g., 1.2.1.100, 1.2.7.100) without delay. Regulatory bodies, such as CERT@VDE, emphasize the urgency of this issue and recommend restricting network access until patches are applied.