CVE-2026-13743
LowCVSS 3.3Exploitation Probability (EPSS)
Low risk2th percentile — higher than 2% of all known CVEs
Summary
A vulnerability in CubeSpace CW0057 Reaction Wheel firmware versions prior to 5.0.20 is due to improper verification of cryptographic signatures. This allows an attacker with physical access to upload arbitrary malicious firmware without authentication.
Risk Assessment
The risk involves potential takeover of the device by an attacker with physical access, which could lead to unauthorized changes in satellite system or other critical infrastructure operations.
Recommendation
Immediately update the CubeSpace CW0057 Reaction Wheel firmware to version 5.0.20 or later. Restrict physical access to devices and implement authentication mechanisms for firmware updates.
Original NVD description (English source)
CubeSpace CW0057 Reaction Wheel firmware versions prior to 5.0.20 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. This could allow an attacker with physical access to the product to upload arbitrary malicious firmware to the device without authentication.

