Trane Tracer Concierge — known CVE vulnerabilities
Every CVE whose affected-product data names Trane Tracer Concierge, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2021-38450 — CVSS 9.9 (critical): The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the…
CVE-2026-28252 — CVSS 9.8 (critical): A Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an…
CVE-2026-28255 — CVSS 9.8 (critical): A Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose…
CVE-2026-28256 — CVSS 9.8 (critical): A Use of Hard-coded, Security-relevant Constants vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker…
CVE-2026-28253 — CVSS 7.5 (high): A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an…
CVE-2026-28254 — CVSS 7.5 (high): A Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to…