Malicious Project File Can Expose Confidential Data and Allow Unwanted Access

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.0

Malicious Project File Can Expose Confidential Data and Allow Unwanted Access

CVE-2026-1286

Summary

A serious security flaw exists in a popular project management software. If an authorized admin opens a malicious project file, it could allow an attacker to access confidential information and potentially take control of the workstation. Update the software to the latest version to fix this issue.

Original title

CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on workstation when an admin authenticated ...

Original description

nvd CVSS4.0 7.0

Vulnerability type

CWE-502 Deserialization of Untrusted Data

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-069-03&p_enDoc...

Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026