CVE-2026-26289

Summary

PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only.

Affected Software

VendorProductVersion RangeStatus
Subnet SolutionsPowerSYSTEM Center 20205.8.x <= 5.28.xaffected
Subnet SolutionsPowerSYSTEM Center 20246.0.x <= 6.1.xaffected
Subnet SolutionsPowerSYSTEM Center 20267.0.xaffected

Weaknesses

  • CWE-863: CWE-863 Incorrect Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References