- CVE: CVE-2026-8024
- CVSS: 9.3 (Critical)
- Product: ibaPDA
- Affected: 1.0.0
- Impact: Deserialization vulnerability in ibaPDA and ibaDatCoordinator
- Status: No confirmed exploitation yet
- Patched in: 8.14.0, 4.0.7
- Action: Update to 8.14.0, 4.0.7 now
Unauthenticated RCE hits iba industrial software
A critical iba deserialization vulnerability could let remote attackers run arbitrary code on ibaPDA and ibaDatCoordinator. Tracked as CVE-2026-8024 and rated 9.3 on the CVSSv4 scale, the flaw needs no credentials and no user interaction. CERT@VDE published the advisory on June 17, 2026.
Both products are widely used in industrial data acquisition and automation. As a result, the bug puts measurement and process-data systems directly at risk.
How the iba deserialization vulnerability works
The root cause is a familiar one. Both applications fail to properly restrict the .NET BinaryFormatter when deserializing client-server input. Consequently, an attacker can trigger a type confusion and execute arbitrary code inside the affected software.
Because the code runs under the service user account, successful exploitation also enables privilege escalation. In short, a remote and unauthenticated attacker may gain full access to the targeted system. The issue maps to CWE-502, deserialization of untrusted data.
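To make the CWE-502 pattern concrete, here is an added illustration (not iba's code, and not taken from the advisory) of the unrestricted BinaryFormatter usage the advisory describes, beside a hardened variant that pins deserialization to a single expected type through a SerializationBinder. The message type ClientRequest and both server classes are constructed for this example.

```csharp
using System;
using System.IO;
using System.Runtime.Serialization;
using System.Runtime.Serialization.Formatters.Binary;

// Constructed stand-in for a client-server request message; not an iba type.
[Serializable]
public sealed class ClientRequest
{
    public string Command { get; set; }
    public int ChannelId { get; set; }
}

// Vulnerable pattern (CWE-502): the type name embedded in the client's stream
// decides which class BinaryFormatter instantiates, so a client-chosen type
// is constructed and its deserialization callbacks run under the service account.
public static class UnsafeServer
{
    public static object Handle(Stream fromClient)
    {
        var formatter = new BinaryFormatter();
        return formatter.Deserialize(fromClient);   // no restriction on types
    }
}

// Hardened pattern: the binder is consulted before any object is created and
// resolves only the one type the protocol expects; everything else is rejected.
public sealed class StrictBinder : SerializationBinder
{
    public override Type BindToType(string assemblyName, string typeName)
    {
        if (typeName == typeof(ClientRequest).FullName)
            return typeof(ClientRequest);
        throw new SerializationException(
            $"Rejected unexpected type in client stream: {typeName}");
    }
}

public static class HardenedServer
{
    public static ClientRequest Handle(Stream fromClient)
    {
        // Allow-listing types removes the attacker's choice of class, but
        // BinaryFormatter is deprecated; migrating to a non-polymorphic
        // serializer is the durable fix.
        var formatter = new BinaryFormatter { Binder = new StrictBinder() };
        return (ClientRequest)formatter.Deserialize(fromClient);
    }
}
```

BinaryFormatter is marked obsolete in modern .NET and disabled by default from .NET 8, so the binder is a stop-gap for legacy code rather than a substitute for replacing the serializer.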
Affected versions and the fix
The flaw affects ibaPDA before v8.14.0 and ibaDatCoordinator before v4.0.7. Tenable researchers reported it, while CERT@VDE coordinated the disclosure.
iba has already shipped patched builds. Therefore, administrators should upgrade to ibaPDA v8.14.0 or ibaDatCoordinator v4.0.7 right away.
Mitigation while you patch
If immediate patching is not possible, restrict connections to localhost and tighten the Windows Firewall rules for the iba Client and Server. Above all, keep these services off untrusted networks.