Vulnerability in Trane Tracer Concierge

CVE-2026-28253

A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to cause a denial-of-service condition

EPSS: 0.001 (22.1th percentile) — read the EPSS interpretation.

Affected products

Trane Tracer Concierge — versions 0
Trane Tracer Sc — versions 0
Trane Tracer Sc+ — versions 0

Weakness classification (CWE)

CWE-789

References

www.cisa.gov/news-events/ics-advisories/icsa-26-071-01 (government-resource)