Vulnerability Details CVE-2026-28253
A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to cause a denial-of-service condition
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 22.2%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2026-28253
-
cpe:2.3:a:trane:tracer_concierge:5.5
-
cpe:2.3:h:trane:tracer_sc+:-
-
cpe:2.3:h:trane:tracer_sc+:5.0
-
cpe:2.3:h:trane:tracer_sc+:5.1
-
cpe:2.3:h:trane:tracer_sc+:5.2
-
cpe:2.3:h:trane:tracer_sc+:5.3
-
cpe:2.3:h:trane:tracer_sc+:5.4
-
cpe:2.3:h:trane:tracer_sc+:5.5
-
cpe:2.3:h:trane:tracer_sc+:5.6
-
cpe:2.3:h:trane:tracer_sc+:5.7
-
cpe:2.3:h:trane:tracer_sc+:5.8
-
cpe:2.3:h:trane:tracer_sc+:6.0
-
cpe:2.3:h:trane:tracer_sc+:6.1
-
cpe:2.3:h:trane:tracer_sc+:6.2
-
cpe:2.3:h:trane:tracer_sc:-
-
cpe:2.3:o:trane:tracer_sc+_firmware:5.5
-
cpe:2.3:o:trane:tracer_sc_firmware:4.4