Vulnerability Details CVE-2026-28256
A Use of Hard-coded, Security-relevant Constants vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 14.9%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2026-28256
-
cpe:2.3:a:trane:tracer_concierge:5.5
-
cpe:2.3:h:trane:tracer_sc+:-
-
cpe:2.3:h:trane:tracer_sc:-
-
cpe:2.3:o:trane:tracer_sc+_firmware:5.5
-
cpe:2.3:o:trane:tracer_sc_firmware:4.4