CVE-2026-8045

Summary

CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricEcoStruxure™ IT Data Center Expertv9.1.1 and Prioraffected

Weaknesses

  • CWE-611: CWE-611 Improper restriction of XML external entity reference

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References