These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-35555 is an access-control issue in Subnet Solutions PowerSYSTEM Center’s device project groups feature. According to the CISA CSAF advisory, an authenticated user with limited permissions can perform an unauthorized deletion of project groups. The supplied CVSS 3.1 vector indicates low-privilege, no-user-interaction impact centered on integrity.
CVE-2026-35504 affects Subnet Solutions PowerSYSTEM Center’s email notification service when SMTPS is used. CISA’s advisory says the issue is a CRLF injection vulnerability, and the vendor recommends updating to fixed releases and tightening access to notification-related settings.
CVE-2026-33570 is an authorization flaw in Subnet Solutions PowerSYSTEM Center's REST API for devices. According to CISA's advisory, a low-privilege authenticated user can access information that should be limited by operational permissions. The issue was publicly disclosed on 2026-05-12 in ICSA-26-132-02 and carries a CVSS v3.1 score of 5.7 (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N), reflecting a confidential [truncated]
CVE-2026-26289 is an authorization issue in Subnet Solutions PowerSYSTEM Center's REST API device account export path. According to CISA, an authenticated user with limited permissions can expose sensitive information that should be restricted to administrative access. CISA published the advisory on 2026-05-12 and rates the issue High (CVSS 8.2) in the supplied record.