CVE-2026-1226_CVE-2026-1226

7 / 10

HIGH

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

CWE‑94: Improper Control of Generation of Code vulnerability exists that could cause execution of untrusted or unintended code within the application when maliciously crafted design content is processed through a TGML graphics file.

Basic Information

ID CVE-2026-1226

Source schneider

Published Feb 11, 2026 at 13:49

Modified Feb 11, 2026 at 14:07

Affected Product

Vendor Schneider Electric

Product EcoStruxure Building Operation Workstation

Version All 7.0.x versions prior to 7.0.2

Affected Versions Schneider Electric EcoStruxure Building Operation Workstation All 7.0.x versions prior to 7.0.2
Schneider Electric EcoStruxure Building Operation Webstation All 6.0.x versions prior to 6.0.4.7000 (CP5)

CWE Classification

CWE-94

References

download.schneider-electric.com /files

{
    "lastseen": "",
    "description": "CWE\u201194: Improper Control of Generation of Code vulnerability exists that could cause execution of untrusted or unintended code within the application when maliciously crafted design content is processed through a TGML graphics file.",
    "published": "2026-02-11T13:49:45.465Z",
    "modified": "2026-02-11T14:07:27.708Z",
    "type": "cve",
    "title": "CVE-2026-1226",
    "source": "schneider",
    "references": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-041-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-041-02.pdf",
    "id": "CVE-2026-1226",
    "bulletinFamily": "",
    "cwe": [
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "Schneider Electric EcoStruxure Building Operation Workstation All 7.0.x versions prior to 7.0.2\nSchneider Electric EcoStruxure Building Operation Webstation All 6.0.x versions prior to 6.0.4.7000 (CP5)",
    "sourceHref": "",
    "cvss": {
        "score": 7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "EcoStruxure Building Operation Workstation",
    "version": "All 7.0.x versions prior to 7.0.2",
    "vendor": "Schneider Electric",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}