Automotive Zero-Day Vulnerabilities
VIEW DATABASEThe Criticality of Zero-Day Vulnerabilities Beyond Known Threats
Zero-day vulnerabilities currently have no vendor patch solution, but their exploitability has already been confirmed. What does this mean to organizations and enterprises?
Potential for Serious Damage
Confirmed zero-day vulnerabilities empower malicious actors to exploit them to execute attacks that could have dire consequences.
Lack of Defense
In the absence of a solution, attackers have ample time to exploit zero-day vulnerabilities repeatedly.
Wide-Ranging Impact
Given that the same open-source software and modules are utilized across multiple ECUs, zero-day vulnerabilities can affect numerous components.
Real-World Exploits Triggered by Zero-Day Vulnerabilities
at Pwn2Own Vancouver
Real-World Exploit Intelligence
The Latest Automotive Zero-Day Vulnerability Database
The following is a list of automotive vulnerabilities discovered by researchers through Trend Zero Day Initiative™ (ZDI) that are yet to be publicly disclosed. This initial list comprises zero-day vulnerabilities discovered at Pwn2Own Automotive, hosted by VicOne with Trend ZDI. For each vulnerability, the affected vendor has been contacted and is expected to develop a patch. These vulnerabilities are handled according to the Trend ZDI Disclosure Policy. The zero-day identifier of a vulnerability refers to the candidate (CAN) number assigned to the vulnerability by Trend ZDI.
| Zero-day identifier | CVE | Category | Impact |
|---|
Want to know if you've been impacted?
Contact us to assess risks →
Gain Advantage With Unique Zero-Day Insights
VicOne's best-in-class automotive threat intelligence includes early access to vital information on automotive zero-day vulnerabilities:
- Gain Early Warning: We empower OEMs, suppliers, and stakeholders with risk assessment capabilities. We will assess whether your components or software versions are impacted by zero-day vulnerabilities ahead of competitors, allowing for better resource allocation during planning. This approach complies with the spirit of ISO/SAE 21434 by helping you monitor newly emerged vulnerabilities.
- Gain Early Protection: We will evaluate how to collaborate with you based on attack tactics, techniques, and procedures to create effective virtual patches for safeguarding your system.
Want to know if you've been impacted?
Contact us to assess risks →
No. 1
in vulnerability discovery and disclosure since 2007*
5+ years
of partnership with Tesla for Pwn2Own, starting in 2017
*Source: Omdia Research, Quantifying the Public Vulnerability Market: 2024 Edition
More Insights Into Automotive Zero-Day Vulnerabilities From VicOne
GAIN INSIGHTS INTO AUTOMOTIVE CYBERSECURITY
Prerequisites for Vulnerability Management in Automotive Cybersecurity in the AI Era
As AI accelerates exploit development, CVSS scores alone no longer suffice. Here's what automotive OEMs and suppliers must prioritize now.
READ MORE →Copy Fail and DirtyFrag: When Linux Kernel Flaws Become Automotive Cybersecurity Risks
Copy Fail (CVE-2026-31431) exposes how a Linux kernel flaw can impact automotive systems. See the risk, MITRE mapping, and xCarbon response.
READ MORE →VicOne Situational Awareness Report: Cybersecurity in the Automotive, Transportation, and Logistics Sectors in Q1 2026
VicOne recorded 405 automotive cybersecurity incidents in Q1 2026. Ransomware persisted, EV charging incidents tripled, and AI emerged as a new attack surface. This report breaks down the threats by region, domain, and vulnerability type.
READ MORE →AI Supply Chain Attacks Are Here: What Automotive OEMs Need to Know
AI supply chain attacks are no longer theoretical. VicOne's Automotive CyberThreat Research Lab breaks down how attackers are exploiting AI development tooling, why automotive OEMs face elevated exposure, and what security teams should do now.
READ MORE →