CVE-2026-1226
CWE-94Published: February 11, 2026· Updated: Feb 11, 2026
Official Description
CWE‑94: Improper Control of Generation of Code vulnerability exists that could cause execution of untrusted or unintended code within the application when maliciously crafted design content is processed through a TGML graphics file.
Technical Analysis
CVE-2026-1226 requires local access, meaning attackers must already have a foothold on the target system.
Exploitation requires low privileges, which limits the exposure to scenarios where an attacker has already gained initial access.
CVSS v3.1 Vector Breakdown
Exploit & PoC Resources
News & Research Mentioning CVE-2026-1226
View CSAF Summary Schneider Electric is aware of a vulnerability in EcoStruxure Building Operation Workstation and EcoStruxure Building Operation WebStation. [EcoStruxure Building Operation (EBO)](https://www.se.com/ww/en/product-range/62111-ecostruxure-building-operation-software/#overview) is an open and scalable software platform providing insight, control and management of multiple building systems and devices in one mobile-enabled convenient view. It delivers valuable data for decision-making to improve energy management and increase efficiency for better building performance and comfort, reduced carbon, and more sustainable building environments. Failure to apply the remediations below may risk exposure of local files or denial of service, whic [xlite_meta score:79 src:CISA Alerts xlite_fp:e1c34a4020e690f80b7eacd2574ecbdb89e687a59f6ad7d5f72b2a9220cb2d3c]
All References (1)
Quick Facts
Known Threat Actors
Related CVEs (CWE-94)
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2026-1226 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts