Vulnerability in Trane Tracer Concierge

CVE-2026-28255

A Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts.

EPSS: 0.001 (16.3th percentile) — read the EPSS interpretation.

Affected products

Trane Tracer Concierge — versions 0
Trane Tracer Sc — versions 0
Trane Tracer Sc+ — versions 0

Weakness classification (CWE)

CWE-798 — Use of Hard-coded Credentials

References

www.cisa.gov/news-events/ics-advisories/icsa-26-071-01 (government-resource)