Untrusted data deserialization in Schneider file leads to RCE (CWE-502)
CVE-2026-1286 Published on March 10, 2026
CWE-502: A deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality and integrity, and potentially to remote code execution on the workstation, when an authenticated admin user opens a malicious project file.
Weakness Type
What is a Marshaling, Unmarshaling Vulnerability?
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
CVE-2026-1286 has been classified as a Marshaling, Unmarshaling vulnerability or weakness.
Affected Versions
Schneider Electric EcoStruxure™ Foxboro DCS versions prior to CS8.1 are affected by CVE-2026-1286.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.