Vulnerability in Trane Tracer Concierge

CVE-2026-28256

A Use of Hard-coded, Security-relevant Constants vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts.

EPSS: 0.001 (17.4th percentile) — read the EPSS interpretation.

Affected products

Trane Tracer Concierge — versions 0
Trane Tracer Sc — versions 0
Trane Tracer Sc+ — versions 0

Weakness classification (CWE)

CWE-547 — Use of Hard-coded, Security-relevant Constants

References

www.cisa.gov/news-events/ics-advisories/icsa-26-071-01 (government-resource)