Vulnerability Description
PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only.
CVSS Score
8.2
HIGH
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
Related Weaknesses (CWE)
References
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-13
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-132-02
FAQ
What is CVE-2026-26289?
CVE-2026-26289 is a vulnerability with a CVSS score of 8.2 (HIGH). PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions o...
How severe is CVE-2026-26289?
CVE-2026-26289 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-26289?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.