{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-26722", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-02-23T20:28:40.578Z", "dateReserved": "2026-02-16T00:00:00.000Z", "datePublished": "2026-02-20T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-02-20T16:07:38.119Z"}, "descriptions": [{"lang": "en", "value": "An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to escalate privileges via PIN component of the login functionality."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/chndlrx/vulnerability-disclosures/tree/main/CVE-2026-26722"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-269", "lang": "en", "description": "CWE-269 Improper Privilege Management"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.4, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-02-23T20:28:10.124822Z", "id": "CVE-2026-26722", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-23T20:28:40.578Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.4, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-26722", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-23T20:28:10.124822Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-23T20:26:04.667Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/chndlrx/vulnerability-disclosures/tree/main/CVE-2026-26722"}], "descriptions": [{"lang": "en", "value": "An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to escalate privileges via PIN component of the login functionality."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-02-20T16:07:38.119Z"}}}, "cveMetadata": {"cveId": "CVE-2026-26722", "state": "PUBLISHED", "dateUpdated": "2026-02-23T20:28:40.578Z", "dateReserved": "2026-02-16T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-02-20T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:keystorage:global_facilities_management_software:20230721a:*:*:*:*:*:*:*", "matchCriteriaId": "B18D4BBF-3745-43E5-86FE-8834842D0E6B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to escalate privileges via PIN component of the login functionality."}, {"lang": "es", "value": "Un problema en el software de gesti\u00f3n de instalaciones globales de Key Systems Inc v.20230721a permite a un atacante remoto escalar privilegios a trav\u00e9s del componente PIN de la funcionalidad de inicio de sesi\u00f3n."}], "id": "CVE-2026-26722", "lastModified": "2026-02-26T17:56:10.743", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-02-20T17:25:55.377", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/chndlrx/vulnerability-disclosures/tree/main/CVE-2026-26722"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "20230721a"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}]}, "product": "global_facilities_management_software", "vendor": "key_systems"}], "analysis": {"en": {"generated_at": "2026-04-17T17:39:25.226750+00:00", "value": {"mitigation_remediation": ["Apply any available vendor patch for Global Facilities Management Software v.20230721a.", "If a patch is not yet released, disable or remove PIN-based authentication temporarily to block the escalation path.", "Monitor authentication logs for suspicious PIN usage and enforce stricter access controls on login mechanisms."], "summary": {"action": "Apply Patch", "impact": "Remote Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Key Systems Inc. Global Facilities Management Software version 20230721a is affected.", "description_and_impact": "Key Systems Inc Global Facilities Management Software v.20230721a contains a flaw in the PIN component of its login functionality that allows a remote attacker to gain elevated privileges. This weakness, identified as CWE\u2011269, enables an attacker to bypass normal authentication controls and operate with higher system authority, potentially exposing confidential data, modifying system settings, and disrupting operations.", "risk_and_exploitability": "The vulnerability carries a CVSS score of 9.4, indicating a high severity level, but the EPSS score is less than 1%, implying a very low current exploitation probability. It is not listed in the CISA Known Exploited Vulnerabilities catalog. Based on the description, it is inferred that the attack vector is remote access via the login interface, requiring the attacker to supply a valid or guessed PIN to manipulate authentication logic."}}}}, "created": "2026-02-23T14:47:17.828271+00:00", "title": "Privilege Escalation via PIN Login in Key Systems Global Facilities Management Software", "updated": "2026-04-17T17:45:24.345602+00:00", "vendors": ["key_systems", "key_systems$PRODUCT$global_facilities_management_software"]}