RCE in Schneider Electric Ecostruxure Building Operation Webstation

CVE-2026-1226

CWE‑94: Improper Control of Generation of Code vulnerability exists that could cause execution of untrusted or unintended code within the application when maliciously crafted design content is processed through a TGML graphics file.

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.001 (3.0th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References