The Universal Robots PolyScope 5 vulnerability (CVE-2026-8153) reveals a systemic weakness in collaborative robot fleets that extends far beyond remote code execution. While the vendor correctly notes that direct internet exposure is uncommon, the flaw’s true impact lies in flat OT networks where an initial foothold—via compromised HMIs, legacy Modbus gateways, or supply-chain malware—allows attackers to pivot directly to physical control loops. This mirrors patterns seen in the 2023 Polish ICS incidents at water plants and the 2024 Claude-assisted OT intrusion, where attackers leveraged similar unsegmented segments to reach safety-critical assets. Unlike traditional IT flaws, successful exploitation here enables immediate manipulation of motion trajectories, force limits, and end-effector commands, creating both immediate human-safety hazards and longer-term production sabotage through subtle parameter drift that evades quality checks. Universal Robots’ advisory understates the fleet-level propagation risk; once inside the control box, an attacker can enumerate connected EtherNet/IP devices and cascade compromise across an entire line. The convergence of IT/OT in Industry 4.0 has outpaced segmentation practices, turning cobots from productivity tools into potential kinetic weapons in geopolitical supply-chain conflicts.