Denial-of-Service Vulnerability in Core PI Services by a Leading Vendor
CVE-2026-1507

8.7HIGH

Key Information:

Vendor: Aveva
Status: Pi Data Archive Pi Server
Vendor: CVE Published:; 10 February 2026

What is CVE-2026-1507?

The vulnerability presents an unhandled exception within Core PI Services, allowing unauthenticated attackers to execute remote commands that could lead to a crash of core functionalities, thereby causing a denial-of-service condition. This flaw highlights the necessity for robust exception handling mechanisms to safeguard critical services against unauthorized disruptions.

Affected Version(s)

PI Data Archive PI Server 0 <= 2018_SP3_Patch_7

References

https://www.cisa.gov/news-events/ics-advisories/icsa-26-0...

government-resource

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 10, 2026
Vulnerability Reserved
Jan 27, 2026

CVE-2026-1507 Data

JSON

Aveva

What is CVE-2026-1507?

Affected Version(s)

References

CVSS V4

Timeline