Trane Tracer SC and Tracer SC+ allow attackers to bypass authentication and gain root access

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

9.2

Trane Tracer SC and Tracer SC+ allow attackers to bypass authentication and gain root access

CVE-2026-28252

Summary

Trane Tracer SC, Tracer SC+, and Tracer Concierge devices have a security issue that allows an attacker to bypass the login process and gain full control of the device. This means an attacker could potentially access and manipulate sensitive information or make changes to the device. You should update your devices to the latest version to fix this issue.

Original title

A Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to bypass authentication and gain root-level access to ...

Original description

nvd CVSS4.0 9.2

Vulnerability type

CWE-327 Use of a Broken Cryptographic Algorithm

https://www.cisa.gov/news-events/ics-advisories/icsa-26-071-01

Published: 12 Mar 2026 · Updated: 14 Mar 2026 · First seen: 12 Mar 2026