CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-8045

criticalcovered by 1 sourcefirst seen 2026-06-30
View CSAF Summary Schneider Electric is aware of a vulnerability in its EcoStruxure™ IT Data Center Expert. The EcoStruxure™ IT Data Center Expert product is a scalable monitoring software that collects, organizes, and distributes critical device information providing a comprehensive view of equipment. Failure to apply the remediation provided below may risk information disclosure. The following versions of Schneider Electric EcoStruxure IT Data Center Expert are affected: EcoStruxure IT Data Center Expert vers:intdot/<=9.1.1, 9.1.2 (CVE-2026-8045) CVSS Vendor Equipment Vulnerabilities v3 6.5 Schneider Electric Schneider Electric EcoStruxure IT Data Center Expert Improper Restriction of XML External Entity Reference Background Critical Infrastructure Sectors: Information Technology, Critical Manufacturing, Energy Countries/Areas Deployed: Worldwide Company Headquarters Location: France Vulnerabilities Expand All + CVE-2026-8045 CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints View CVE Details Affected Products Schneider Electric EcoStruxure IT Data Center Expert Vendor: Schneider Electric Product Version: EcoStruxure IT Data Center Expert (Formerly known as StruxureWare Data Center Expert) Version 9.1.1 and Prior Product Status: fixed, known_affected Remediations Vendor fix v9.1.2 of EcoStruxure™ IT Data Center Expert includes a fix for this vulnerability and is available for download here: https://www.se.com/en/product-range/61851-ecostruxure-it-data- center-expert/#software-and-firmware https://www.se.com/ww/en/product-country-selector/?pageType=product-range&sourceId=61851#software-and-firmware Relevant CWE: CWE-611 Improper Restriction of XML External Entity Reference Metrics CVSS Version Base Score Base Severity Vector String 3.1 6.5 MEDIUM CVSS:3.1/

CSIRTS triage

What
The vulnerability allows for information disclosure due to improper restriction of XML external entity references.
Who is affected
Deployments of EcoStruxure IT Data Center Expert versions 9.1.1 and 9.1.2.
Urgency
Remediation is critical due to the potential for information disclosure.
Action
Apply the provided remediation to affected versions.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-8045

Get an email if CVE-2026-8045 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-8045

CVE.org record

Embed the live status

CVE-2026-8045 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-8045 status](https://www.csirts.com/badge/CVE-2026-8045)](https://www.csirts.com/cve/CVE-2026-8045)