CVE-2026-8045
View CSAF Summary Schneider Electric is aware of a vulnerability in its EcoStruxure™ IT Data Center Expert. The EcoStruxure™ IT Data Center Expert product is a scalable monitoring software that collects, organizes, and distributes critical device information providing a comprehensive view of equipment. Failure to apply the remediation provided below may risk information disclosure. The following versions of Schneider Electric EcoStruxure IT Data Center Expert are affected: EcoStruxure IT Data Center Expert vers:intdot/<=9.1.1, 9.1.2 (CVE-2026-8045) CVSS Vendor Equipment Vulnerabilities v3 6.5 Schneider Electric Schneider Electric EcoStruxure IT Data Center Expert Improper Restriction of XML External Entity Reference Background Critical Infrastructure Sectors: Information Technology, Critical Manufacturing, Energy Countries/Areas Deployed: Worldwide Company Headquarters Location: France Vulnerabilities Expand All + CVE-2026-8045 CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints View CVE Details Affected Products Schneider Electric EcoStruxure IT Data Center Expert Vendor: Schneider Electric Product Version: EcoStruxure IT Data Center Expert (Formerly known as StruxureWare Data Center Expert) Version 9.1.1 and Prior Product Status: fixed, known_affected Remediations Vendor fix v9.1.2 of EcoStruxure™ IT Data Center Expert includes a fix for this vulnerability and is available for download here: https://www.se.com/en/product-range/61851-ecostruxure-it-data- center-expert/#software-and-firmware https://www.se.com/ww/en/product-country-selector/?pageType=product-range&sourceId=61851#software-and-firmware Relevant CWE: CWE-611 Improper Restriction of XML External Entity Reference Metrics CVSS Version Base Score Base Severity Vector String 3.1 6.5 MEDIUM CVSS:3.1/
CSIRTS triage
- What
- The vulnerability allows for information disclosure due to improper restriction of XML external entity references.
- Who is affected
- Deployments of EcoStruxure IT Data Center Expert versions 9.1.1 and 9.1.2.
- Urgency
- Remediation is critical due to the potential for information disclosure.
- Action
- Apply the provided remediation to affected versions.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch CVE-2026-8045
Get an email if CVE-2026-8045 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.
Exploitation outlook
- Low exploitation risk0.23% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 14% of all EPSS-scored CVEs.
Advisory coverage (1)
- criticalSchneider Electric EcoStruxure IT Data Center Expertcisa · 2026-06-30
External references
Embed the live status
— this badge updates automatically when the KEV or exploit status changes. How to embed it →
[](https://www.csirts.com/cve/CVE-2026-8045)