CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-28254

A Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to access sensitive information through unprotected APIs.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 20.3%

CVSS Severity

CVSS v3 Score 7.5

References

https://www.cisa.gov/news-events/ics-advisories/icsa-26-071-01

Products affected by CVE-2026-28254

Trane » Tracer Concierge » Version: 5.5

cpe:2.3:a:trane:tracer_concierge:5.5
Trane » Tracer Sc+ » Version: N/A

cpe:2.3:h:trane:tracer_sc+:-
Trane » Tracer Sc » Version: N/A

cpe:2.3:h:trane:tracer_sc:-
Trane » Tracer Sc+ Firmware » Version: 5.5

cpe:2.3:o:trane:tracer_sc+_firmware:5.5
Trane » Tracer Sc Firmware » Version: 4.4

cpe:2.3:o:trane:tracer_sc_firmware:4.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-28254

Products

Pricing

Contact Us