Vulnerability Details CVE-2026-28256
A Use of Hard-coded, Security-relevant Constants vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 17.8%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2026-28256
-
cpe:2.3:a:trane:tracer_concierge:5.5
-
cpe:2.3:h:trane:tracer_sc+:-
-
cpe:2.3:h:trane:tracer_sc+:5.0
-
cpe:2.3:h:trane:tracer_sc+:5.1
-
cpe:2.3:h:trane:tracer_sc+:5.2
-
cpe:2.3:h:trane:tracer_sc+:5.3
-
cpe:2.3:h:trane:tracer_sc+:5.4
-
cpe:2.3:h:trane:tracer_sc+:5.5
-
cpe:2.3:h:trane:tracer_sc+:5.6
-
cpe:2.3:h:trane:tracer_sc+:5.7
-
cpe:2.3:h:trane:tracer_sc+:5.8
-
cpe:2.3:h:trane:tracer_sc+:6.0
-
cpe:2.3:h:trane:tracer_sc+:6.1
-
cpe:2.3:h:trane:tracer_sc+:6.2
-
cpe:2.3:h:trane:tracer_sc:-
-
cpe:2.3:o:trane:tracer_sc+_firmware:5.5
-
cpe:2.3:o:trane:tracer_sc_firmware:4.4