Kelly Stich - Security Researcher - Exploit Intelligence Platform

CVE-2026-26289 WRITEUP HIGH WRITEUP

Subnet Solutions PowerSYSTEM Center Incorrect Authorization

PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only.

CVSS 8.2

View Code

CVE-2026-33570 WRITEUP MEDIUM WRITEUP

Subnet Solutions PowerSYSTEM Center Incorrect Authorization

PowerSYSTEM Center REST API endpoint for devices allows a low privilege authenticated user to access information normally limited by operational permissions.

CVSS 5.7

View Code

CVE-2026-35504 WRITEUP MEDIUM WRITEUP

Subnet Solutions PowerSYSTEM Center CRLF injection

PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication.

CVSS 5.5

View Code

CVE-2026-35555 WRITEUP MEDIUM WRITEUP

Subnet Solutions PowerSYSTEM Center Incorrect Authorization

PowerSYSTEM Center feature for device project groups allows an authenticated user with limited permissions to perform an unauthorized deletion of project groups.

CVSS 6.3

View Code