CVE-2026-1227

Published: Feb 11, 2026

Modified: Feb 11, 2026

PUBLISHED

Description

CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized disclosure of local files, interaction within the EBO system, or denial of service conditions when a local user uploads a specially crafted TGML graphics file to the EBO server from Workstation.

Vendor	Product	Versions
Schneider Electric	EcoStruxure Building Operation Workstation	affected `All 7.0.x versions prior to 7.0.3.2000 (CP1)`
Schneider Electric	EcoStruxure Building Operation Webstation	affected `All 6.x versions prior to 6.0.4.14001 (CP10)`

Weaknesses (CWE)

CWE-611

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-041-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-041-02.pdf

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-1227

Description

Affected Products

Weaknesses (CWE)

References