CVE-2026-28256 MEDIUM

CVE-2026-28256: Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge

Vendor Trane
Product Tracer SC
Weakness CWE-547
Published March 12, 2026
Last update March 12, 2026
View on NVD All CVEs

CVSS base score

6.9/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

What the vulnerability does

01Description

A Use of Hard-coded, Security-relevant Constants vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts.

Key dates

02Disclosure timeline

March 12, 2026 CVE published
March 12, 2026 Record updated