PatchSiren cyber security CVE debrief

CVE-2026-32776 Hitachi Energy CVE debrief

CVE-2026-32776 is a medium-severity vulnerability in Hitachi Energy's RTU500 series CMU Firmware. It is caused by a NULL pointer dereference in libexpat before 2.7.5, which can result in a Denial of Service (DoS). The product is only affected if IEC 61850 functionality is configured. The Common Vulnerability Scoring System (CVSS) score is 5.5 (medium). The vulnerability was published on May 26, 2026, and modified on June 4, 2026.

Vendor: Hitachi Energy
Product: RTU500 series CMU Firmware
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-26
Original CVE updated: 2026-06-04
Advisory published: 2026-05-26
Advisory updated: 2026-06-04

Who should care

Organizations using Hitachi Energy's RTU500 series CMU Firmware, particularly those with IEC 61850 functionality configured, should be aware of this vulnerability and take the necessary precautions. A successful Denial of Service (DoS) can disrupt critical infrastructure operations. CVE-2026-32776 has a CVSS score of 5.5, indicating medium severity.

Technical summary

CVE-2026-32776 is a NULL pointer dereference vulnerability in libexpat before 2.7.5, which is used in Hitachi Energy's RTU500 series CMU Firmware. The dereference occurs when processing empty external parameter entity content and results in a Denial of Service (DoS). The product is only affected if IEC 61850 functionality is configured. The vulnerability has a CVSS score of 5.5 and a CVSS vector of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Defensive priority

CVE-2026-32776 is rated medium severity and can result in a Denial of Service (DoS). Organizations using affected products should prioritize patching and mitigation efforts.

Recommended defensive actions

  • Update to CMU Firmware version 13.8.2
  • Follow general mitigation factors/workarounds
  • Update to CMU Firmware version 13.7.9 (when available) or 13.8.2
  • Monitor and review IEC 61850 functionality configuration
  • Verify and apply vendor-provided security patches

Evidence notes

The vulnerability is documented in the CVE-2026-32776 record and the National Vulnerability Database (NVD). The source item URL provides additional information on the vulnerability, including affected products and mitigation strategies. The Common Vulnerabilities and Exposures (CVE) program and the National Institute of Standards and Technology (NIST) provide further details on the vulnerability.

This article is AI-assisted and based on the supplied source corpus.