Skip to main content
World Today News
  • Home
  • News
  • World
  • Sport
  • Entertainment
  • Business
  • Health
  • Technology
Menu
  • Home
  • News
  • World
  • Sport
  • Entertainment
  • Business
  • Health
  • Technology

Critical CVSS 9.8 Flaw in Vertiv Hardware Puts Servers at Severe Risk

June 10, 2026 Rachel Kim – Technology Editor Technology

A critical vulnerability identified in Vertiv Geist Uninterruptible Power Supply (UPS) devices allows unauthorized remote attackers to gain full control over affected hardware. Assigned a CVSS score of 9.8, the security flaw permits remote code execution without requiring user authentication, according to the Cybersecurity and Infrastructure Security Agency (CISA).

Affected Hardware and Technical Impact

The vulnerability, tracked as CVE-2024-7026, impacts specific firmware versions of the Vertiv Geist switchable and outlet-metered rack power distribution units (PDUs). Because the flaw exists within the device’s web interface, it allows an unauthenticated actor to execute arbitrary commands with administrative privileges.

According to security disclosures, the vulnerability stems from improper input validation. By sending specially crafted network packets to the device, an attacker can bypass existing security controls. Because these units are typically deployed to manage power for high-density server environments, a successful exploit provides an attacker with the ability to cycle power, shut down servers, or manipulate environmental sensors connected to the PDU.

Risk Mitigation and Firmware Updates

CISA Warns of Hackers Actively Exploiting a Critical Langflow Framework Vulnerability

Vertiv has released firmware updates to address the flaw. System administrators are advised to verify their current firmware version against the list of vulnerable releases provided by the manufacturer.

CISA added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, formalizing the requirement for federal agencies to remediate the issue within a mandated timeframe. For organizations outside of the federal government, the agency recommends immediate patching as the primary defense against potential exploitation. If patching is not immediately feasible, security guidelines suggest isolating the management interfaces of power distribution units behind a dedicated, firewalled management network to prevent direct exposure to the public internet.

Comparison with Prior Infrastructure Vulnerabilities

The severity of this flaw aligns with recent trends in industrial control system (ICS) security, where management interfaces for power and cooling hardware have become primary targets for network-based attacks. While previous vulnerabilities in data center infrastructure often required local access or complex chain exploits, CVE-2024-7026 is notable for its high exploitability score and lack of required authentication.

Unlike standard server software vulnerabilities, which often impact data confidentiality, this hardware flaw poses a direct risk to physical availability. By manipulating the power state of the PDU, an attacker can initiate a forced system outage, effectively bypassing standard software-based disaster recovery protocols. Vertiv continues to monitor for reports of active exploitation in enterprise environments.

Share this:

  • Share on Facebook (Opens in new window) Facebook
  • Share on X (Opens in new window) X

Related

Search:

World Today News

World Today News is your trusted source for global journalism — breaking headlines, in-depth analysis, and reporting from around the world.

Quick Links

  • Privacy Policy
  • About Us
  • Accessibility statement
  • California Privacy Notice (CCPA/CPRA)
  • Contact
  • Cookie Policy
  • Disclaimer
  • DMCA Policy
  • Do not sell my info
  • EDITORIAL TEAM
  • Terms & Conditions

Browse by Location

  • GB
  • NZ
  • US

Connect With Us

© 2026 World Today News. All rights reserved. Your trusted global news source directory.
For contact, advertising, copyright, issues email: [email protected]

Privacy Policy Terms of Service