Trane Tracer SC: Unauthenticated Access to Sensitive Information

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

6.9

Trane Tracer SC: Unauthenticated Access to Sensitive Information

CVE-2026-28254

Summary

Trane Tracer SC, SC+, and Concierge software has an issue that lets anyone access sensitive data without a password. This means that unauthorized people can potentially view confidential information. Make sure to update the software to the latest version to fix this security issue.

Original title

A Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to access sensitive information through unprotected APIs.

Original description

A Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to access sensitive information through unprotected APIs.

nvd CVSS4.0 6.9

Vulnerability type

CWE-862 Missing Authorization

https://www.cisa.gov/news-events/ics-advisories/icsa-26-071-01

Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 12 Mar 2026