Untrusted data deserialization in Schneider file leads to RCE (CWE-502)
CVE-2026-1286 Published on March 10, 2026

CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on workstation when an admin authenticated user opens a malicious project file.

NVD

Weakness Type

What is a Marshaling, Unmarshaling Vulnerability?

The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

CVE-2026-1286 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.

Affected Versions

Schneider Electric EcoStruxure™ Foxboro DCS Version Versions prior to CS8.1 is affected by CVE-2026-1286

Untrusted data deserialization in Schneider file leads to RCE (CWE-502)CVE-2026-1286 Published on March 10, 2026

Weakness Type

What is a Marshaling, Unmarshaling Vulnerability?

Affected Versions

Untrusted data deserialization in Schneider file leads to RCE (CWE-502)
CVE-2026-1286 Published on March 10, 2026