CVE-2026-1507 HIGH

CVE-2026-1507: Uncaught Exception vulnerability in AVEVA PI Data Archive

Vendor Aveva
Product PI Data Archive PI Server
Weakness CWE-248
Published February 10, 2026
Last update February 12, 2026

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

The affected products are vulnerable to an uncaught exception that could allow an unauthenticated attacker to remotely crash core PI services resulting in a denial-of-service.

Key dates

02Disclosure timeline

February 10, 2026 CVE published
February 12, 2026 Record updated