Improper XML External Entity Reference in Schneider Electric Products
CVE-2026-8045

7.1HIGH

Key Information:

Vendor: Schneider Electric
Status: Ecostruxure™ It Data Center Expert
Vendor: CVE Published:; 9 June 2026

🔔 Create Schneider Electric Vulnerability Alert

What is CVE-2026-8045?

The vulnerability arises from improper restrictions on XML External Entity (XXE) references within Schneider Electric's SOAP service. When an attacker possessing a Data Center Expert user account submits specially crafted XML payloads to exposed SOAP service endpoints, this can lead to unauthorized access to sensitive information. Specifically, the flaw could allow attackers to retrieve server-side file contents, posing significant risks to data integrity and confidentiality.

Affected Version(s)

EcoStruxure™ IT Data Center Expert v9.1.1 and Prior

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2026
Vulnerability Reserved
May 6, 2026

CVE-2026-8045 Data

JSON