MEDIUM
Kieback & Peter
CVE published 2026-05-20
CVE-2026-4293
CVE-2026-4293 is a CVSS 5.3 medium-severity cross-site scripting issue affecting Kieback & Peter DDC building controllers. The published description says attacker-controlled JavaScript can execute in the victim’s browser, which can give the attacker control over that browser context. The NVD record was published on 2026-05-20 and was still marked "Awaiting Analysis" in the supplied source snapshot, so def [truncated]