HIGHCVE-2026-26289Published Modified CNA icscert
CVE-2026-26289: Subnet Solutions PowerSYSTEM Center Incorrect Authorization
PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only.
Metrics
- CVSS v4.0
- 8.4
- Severity
- HIGH
- Fixed in
- —
- Affected Products
- 3
Affected packages
- Subnet Solutions / PowerSYSTEM Center 2020≤ 5.28.x
- Subnet Solutions / PowerSYSTEM Center 2024≤ 6.1.x
- Subnet Solutions / PowerSYSTEM Center 20267.0.x
CVSS Vector
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:H/SA:HReferences