Vulnerability Details CVE-2026-28252
A Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to bypass authentication and gain root-level access to the device.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 10.8%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2026-28252
-
cpe:2.3:a:trane:tracer_concierge:5.5
-
cpe:2.3:h:trane:tracer_sc+:-
-
cpe:2.3:h:trane:tracer_sc:-
-
cpe:2.3:o:trane:tracer_sc+_firmware:5.5
-
cpe:2.3:o:trane:tracer_sc_firmware:4.4