XXE in Schneider Electric Ecostruxure Building Operation Webstation

CVE-2026-1227

CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized disclosure of local files, interaction within the EBO system, or denial of service conditions when a local user uploads a spe…

Vulnerability class: XXE (XML External Entity)

EPSS: 0.001 (1.3th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References