CVE-2026-6866

Initialization of a Resource with an Insecure Default vulnerability on EcoStruxure™ Panel Server

CVSS 8.2 HIGHEPSS 0.3%CWE-1188

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8.2EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

12 May 2026Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

CWE-1188 Initialization of a Resource with an Insecure Default vulnerability exists that could cause unauthorized disclosure of sensitive information when credentials revert to initial settings in rare circumstances, enabling unauthorized authentication using known credentials.

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected products

Schneider Electric · EcoStruxure™ Panel Server

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-132-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-132-04.pdf