← back
CVE-2026-26289

Subnet Solutions PowerSYSTEM Center Incorrect Authorization

CVSS 8.4 HIGHEPSS 0.1%CWE-863
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.4EPSS 0.1%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
12 May 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only.
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:H/SA:H
Affected products
Subnet Solutions · PowerSYSTEM Center 2020Subnet Solutions · PowerSYSTEM Center 2024Subnet Solutions · PowerSYSTEM Center 2026

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-132-02.jsonhttps://www.cisa.gov/news-events/ics-advisories/icsa-26-132-02