CVE-2026-49316 – Indian Scout Bobber 2025 WCM CAN bus-off attack silently bypasses anti-theft shutdown

CVE ID :CVE-2026-49316

Published : May 29, 2026, 2:16 p.m. | 15 minutes ago

Description :Expected behavior violation in the in-vehicle network of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the motorcycle’s anti-theft shutdown by forcing the Wireless Control Module (WCM) into the CAN bus-off state. Using a well-known CAN error-frame injection technique against a periodic WCM transmission, the attacker drives the WCM CAN controller’s transmit error counter past the bus-off threshold, after which the WCM stops transmitting all messages, including the shutdown command. Peer ECUs do not interpret WCM silence as a security event and continue normal operation, allowing the motorcycle to be operated despite the immobilizer never having been unlocked. Specific protocol details have been withheld pending vendor remediation.

Severity: 4.6 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-4387 – Unencrypted storage of authentication state in StrongDM Desktop Application state.kv file

CVE-2026-48811 – FreeScout: Thread Deletion Bypasses Mailbox Access Revocation

CVE-2026-48810 – FreeScout: Thread Edit Authorization Bypass via Missing Mailbox Check

CVE-2026-48555 – Spatie Laravel Media Library < 11.23.0 SSRF via addMediaFromUrl()