CVE-2026-26289 HIGH

CVE-2026-26289: Subnet Solutions PowerSYSTEM Center Incorrect Authorization

Vendor Subnet Solutions

Product PowerSYSTEM Center 2020

Weakness CWE-863 · Incorrect authorization

Published May 12, 2026

Last update May 13, 2026

View on NVD All CVEs

CVSS base score

8.4/10

Attack vector Adjacent

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:H/SA:H

What the vulnerability does

01Description

PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only.

Key dates

02Disclosure timeline

May 12, 2026 CVE published

May 13, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-26289

Related vulnerabilities

Identifiers

CVE CVE-2026-26289

CWE CWE-863

CVSS 8.4 / HIGH

Affected versions

Vendor Subnet Solutions

Product PowerSYSTEM Center 2020

Affected ≥ 5.8.x and ≤ 5.28.x

Vendor Subnet Solutions

Product PowerSYSTEM Center 2024

Affected ≥ 6.0.x and ≤ 6.1.x

Vendor Subnet Solutions

Product PowerSYSTEM Center 2026

Affected 7.0.x

CVE-2026-26289: Subnet Solutions PowerSYSTEM Center Incorrect Authorization

01Description

02Disclosure timeline

03References

04Related CVE