Directory Access and Content Alteration Vulnerability in REB500 by Hitachi Energy
CVE-2026-2460

7.6HIGH

Key Information:

Vendor: Hitachi
Status: Relion Reb500
Vendor: CVE Published:; 24 February 2026

What is CVE-2026-2460?

A security vulnerability in the REB500 device allows authenticated users with limited privileges to access and modify the contents of restricted directories. This unauthorized access occurs through the DAC protocol, potentially leading to misuse of sensitive information and disruption of normal operations. Proper security measures must be implemented to prevent exploitation of this flaw.

Affected Version(s)

Relion REB500 8.0.0.0 <= 8.3.3.0

References

https://publisher.hitachienergy.com/preview?DocumentID=8D...

CVSS V4

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 24, 2026
Vulnerability Reserved
Feb 13, 2026

CVE-2026-2460 Data

JSON