CVE-2026-13743
View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to upload arbitrary malicious firmware to the device. The following versions of CubeSpace CW0057 Reaction Wheel are affected: CW0057 Reaction Wheel CVSS Vendor Equipment Vulnerabilities v3 6.1 CubeSpace CubeSpace CW0057 Reaction Wheel Improper Verification of Cryptographic Signature Background Critical Infrastructure Sectors: Communications Countries/Areas Deployed: Worldwide Company Headquarters Location: South Africa Vulnerabilities Expand All + CVE-2026-13743 CubeSpace CW0057 Reaction Wheel firmware versions prior to 5.0.20 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. This could allow an attacker with physical access to the product to upload arbitrary malicious firmware to the device without authentication. View CVE Details Affected Products CubeSpace CW0057 Reaction Wheel Vendor: CubeSpace Product Version: CubeSpace CW0057 Reaction Wheel: <firmware_5.0.20 Product Status: known_affected Remediations Vendor fix CubeSpace has released the following firmware versions for users to enable: Firmware version 5.0.20. Firmware version 5.0.20 introduces the capability for cryptographically verified secure boot; however, this protection is not enabled by default. Users must activate signed‑boot functionality, particularly the fully immutable mode, to achieve full security. Mitigation CubeSpace acknowledges the finding. The CW0057 reaction wheel authenticates firmware updates with a CRC-32 integrity check, which confirms image integrity but does not verify the source of an image. Exploitation requires direct physical access to the device and is not exploitable remotely. A device affected by this method remains recoverable: the bootloader operates independently of the application firmware and can reload known-good, CubeSpace-supplied images, so an affected unit cannot be permanently disabled by this method. Starting with firmware version 5.0.20, Cube
CSIRTS triage
- What
- A vulnerability could allow an attacker to upload arbitrary malicious firmware.
- Who is affected
- Users of CubeSpace CW0057 Reaction Wheel with the specified firmware versions.
- Urgency
- Remediation is urgent due to the critical nature of the vulnerability.
- Action
- Update to firmware version 5.0.20 or later.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch CVE-2026-13743
Get an email if CVE-2026-13743 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.
Exploitation outlook
- Low exploitation risk0.12% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 2% of all EPSS-scored CVEs.
Advisory coverage (2)
- unknownCVE-2026-13743: CubeSpace CW0057 Reaction Wheel firmware versions prior to 5.0.20 are vulnerable to an Imprope…nvd · 2026-07-02
- criticalCubeSpace CW0057 Reaction Wheelcisa · 2026-07-02
External references
Embed the live status
— this badge updates automatically when the KEV or exploit status changes. How to embed it →
[](https://www.csirts.com/cve/CVE-2026-13743)