CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-28255

A Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 14.5%

CVSS Severity

CVSS v3 Score 9.8

References

https://www.cisa.gov/news-events/ics-advisories/icsa-26-071-01

Products affected by CVE-2026-28255

Trane » Tracer Concierge » Version: 5.5

cpe:2.3:a:trane:tracer_concierge:5.5
Trane » Tracer Sc+ » Version: N/A

cpe:2.3:h:trane:tracer_sc+:-
Trane » Tracer Sc » Version: N/A

cpe:2.3:h:trane:tracer_sc:-
Trane » Tracer Sc+ Firmware » Version: 5.5

cpe:2.3:o:trane:tracer_sc+_firmware:5.5
Trane » Tracer Sc Firmware » Version: 4.4

cpe:2.3:o:trane:tracer_sc_firmware:4.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-28255

Products

Pricing

Contact Us