CVE-2026-1227
CWE-611 · Published: February 11, 2026 · Updated: Feb 11, 2026
Official Description
CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized disclosure of local files, interaction within the EBO system, or denial of service conditions when a local user uploads a specially crafted TGML graphics file to the EBO server from Workstation.
Technical Analysis
CVE-2026-1227 requires local access, meaning attackers must already have a foothold on the target system.
Exploitation requires low privileges, which limits the exposure to scenarios where an attacker has already gained initial access.
News & Research Mentioning CVE-2026-1227
CISA Alerts: Schneider Electric is aware of a vulnerability in EcoStruxure Building Operation Workstation and EcoStruxure Building Operation WebStation. [EcoStruxure Building Operation (EBO)](https://www.se.com/ww/en/product-range/62111-ecostruxure-building-operation-software/#overview) is an open and scalable software platform providing insight, control and management of multiple building systems and devices in one mobile-enabled convenient view. It delivers valuable data for decision-making to improve energy management and increase efficiency for better building performance and comfort, reduced carbon, and more sustainable building environments. Failure to apply the remediations below may risk exposure of local files or denial of service, whic
Recommended Actions
- Apply vendor patches immediately
- Monitor CVE-2026-1227 in threat intel feeds
- Review IDS/IPS signatures for exploitation attempts