cve-2026-8108

CVE-2026-8108 is a privilege escalation vulnerability in Fuji Electric Tellus 5.0.2, a Windows-based HMI and monitoring software used in industrial control systems. The flaw resides in a kernel driver installed by Tellus that grants overly permissive access, allowing a local user to elevate privileges to SYSTEM on affected Windows machines. Published in a CISA advisory on May 12, 2026, this vulnerability is not remotely exploitable but poses a significant risk in environments where workstations are not tightly controlled. For plant operators, integrators, and engineering teams, CVE-2026-8108 underscores the importance of treating industrial Windows systems with the same endpoint discipline as enterprise IT, especially when kernel-level software is involved.