CVE-2026-26289

HIGH NVD

CVSS Score 8.2

Severity HIGH

Published May 12, 2026

Vendor unknown

Description

PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only.

References

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-132-02.json
https://www.cisa.gov/news-events/ics-advisories/icsa-26-132-02