CVE-2026-0936 MEDIUM

CVE-2026-0936: Insertion of Sensitive Information into Logfile

Vendor B&R Industrial Automation Gmbh
Product Process Visualization Interface (PVI)
Weakness CWE-532 · Sensitive info in logs
Published January 29, 2026
Last update January 29, 2026

CVSS base score

5.1/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

An Insertion of Sensitive Information into Log File vulnerability in B&R PVI client versions prior to 6.5 may be abused by an authenticated local attacker to gather credential information which is processed by the PVI client application. The logging function of the PVI client application is disabled by default and must be explicitly enabled by the user.

Key dates

02Disclosure timeline

January 29, 2026 CVE published
January 29, 2026 Record updated