CVE-2026-49322
MEDIUMDescription
Weak authentication in the Wireless Control Module (WCM) of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with read access to the in-vehicle network to recover the user-set unlock PIN by passively observing a single PIN authentication exchange. The Infotainment Digital Round display computes its response using a non-cryptographic operation rather than a cryptographic challenge-response, so the PIN is mathematically derivable from one captured exchange, defeating the motorcycle's primary user-authentication control. Specific protocol details have been withheld pending vendor remediation.
Is your site exposed to CVE-2026-49322?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2026-49322? +
How severe is CVE-2026-49322? +
How do I check if I'm vulnerable to CVE-2026-49322? +
Related Vulnerabilities
A weakness identified in OpenText Advanced Authentication where a Malicious browser plugin can record and replay the user authentication process …
"Remember me" cookie age is not verified on the server. This potentially allows an attacker to intercept a valid cookie …
Transmitted data is logged between the device and the backend service. An attacker could use these logs to perform a …
Use of fixed learning codes, one code to lock the car and the other code to unlock it, in the …
Use of fixed learning codes, one code to lock the car and the other code to unlock it, the Key …
Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains a vulnerability in Time-based One-Time Password …