CVE-2026-49325
Deferred Deferred - Pending Action
Physical Bypass in Indian Motorcycle Scout Bobber

Publication date: 2026-05-29

Last updated on: 2026-05-29

Assigner: Automotive Security Research Group (ASRG)

Description
Improper handling of physical conditions in the bike-shutdown control of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows a physical attacker with access to the Wireless Control Module (WCM) wiring harness to bypass the anti-theft shutdown. The WCM signals shutdown to a peer ECU via a falling-edge voltage transition on a dedicated wire pair. The receiving ECU does not distinguish between an active shutdown pulse and an open-circuit / disconnected condition; interrupting the relevant wires leaves the motorcycle fully operable even though the WCM never validated the rider's PIN. Specific connector details have been withheld pending vendor remediation.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-29
Last Modified
2026-05-29
Generated
2026-06-19
AI Q&A
2026-05-29
EPSS Evaluated
2026-06-18
NVD
CVE-2026-49325
EUVD
EUVD-2026-33292
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
indian_motorcycle scout_bobber 2025
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-693 The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
CWE-1384 The product does not properly handle unexpected physical or environmental conditions that occur naturally or are artificially induced.
CWE-754 The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves improper handling of physical conditions in the bike-shutdown control system of the Indian Motorcycle Scout Bobber + Tech 2025 model year. A physical attacker with access to the Wireless Control Module (WCM) wiring harness can bypass the anti-theft shutdown mechanism. The WCM signals shutdown to a peer ECU using a falling-edge voltage transition on a dedicated wire pair. However, the receiving ECU cannot distinguish between a legitimate shutdown signal and a disconnected or open-circuit condition. By interrupting the relevant wires, the attacker can keep the motorcycle fully operable without the WCM validating the rider's PIN.

Impact Analysis

This vulnerability allows an attacker with physical access to the motorcycle's wiring harness to bypass the anti-theft shutdown control, effectively enabling unauthorized use or theft of the motorcycle. Since the shutdown signal can be spoofed by disconnecting wires, the motorcycle remains operable without proper authentication, compromising the security and availability of the vehicle.

Detection Guidance

This vulnerability involves physical manipulation of the Wireless Control Module (WCM) wiring harness to bypass the anti-theft shutdown on the Indian Motorcycle Scout Bobber + Tech 2025 model. Detection requires physical inspection of the WCM wiring harness for signs of tampering or disconnection.

Since the vulnerability is related to physical wiring and hardware signals rather than network traffic or software logs, there are no specific network or system commands that can directly detect this issue.

Monitoring the motorcycle's behavior for unexpected operability despite the anti-theft system being engaged may indicate exploitation of this vulnerability.

Mitigation Strategies

Immediate mitigation involves securing physical access to the Wireless Control Module (WCM) wiring harness to prevent unauthorized manipulation.

Inspect and protect the wiring harness to ensure it is not disconnected or tampered with, as interrupting the wires allows bypassing the anti-theft shutdown.

Await vendor remediation for specific connector details and potential hardware or firmware updates that address the improper handling of physical conditions.

Consider additional physical security measures such as tamper-evident seals or enclosures around the WCM wiring harness.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-49325. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart