REST API Vulnerability in PowerSYSTEM Center by CISA
CVE-2026-26289
8.4 HIGH
What is CVE-2026-26289?
The PowerSYSTEM Center REST API contains a vulnerability that allows authenticated users with limited permissions to access sensitive information that is typically restricted to administrative roles. This flaw could expose critical data, which is a significant security concern for organizations that rely on PowerSYSTEM Center. Proper access controls and regular security audits are essential to mitigate the risks related to this vulnerability.
Affected Version(s)
PowerSYSTEM Center 2020 5.8.x <= 5.28.x
PowerSYSTEM Center 2024 6.0.x <= 6.1.x
PowerSYSTEM Center 2026 7.0.x
CVSS V4
Score: 8.4
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: Low
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Kelly Stich of Subnet Solutions Inc. reported these vulnerabilities to CISA.
