CVE-2026-33862
published 2026-05-12CVE-2026-33862: A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2406.0012), Teamcenter V2412 (All…
PriorityP432medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EPSS
0.19%
9.1th percentile
A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2406.0012), Teamcenter V2412 (All versions < V2412.0009), Teamcenter V2506 (All versions < V2506.0005), Teamcenter V2512 (All versions). The affected application does not properly encode or filter user-supplied data. This could allow an attacker to inject malicious code that can be executed by other users when they visit the affected page.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | teamcenter | >= 2312.0 < 2312.0014 | 2312.0014 |
| siemens | teamcenter | >= 2406.0 < 2406.0012 | 2406.0012 |
| siemens | teamcenter | >= 2412.0 < 2412.0009 | 2412.0009 |
| siemens | teamcenter | >= 2506.0 < 2506.0005 | 2506.0005 |
| siemens | teamcenter_v2312 | < V2312.0014 | V2312.0014 |
| siemens | teamcenter_v2406 | < V2406.0012 | V2406.0012 |
| siemens | teamcenter_v2412 | < V2412.0009 | V2412.0009 |
| siemens | teamcenter_v2506 | < V2506.0005 | V2506.0005 |
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv4.08.5HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Siemens Teamcenter cross site scripting (ssa-827383 / EUVD-2026-29430)
vuldb·2026-05-19·CVSS 8.5
CVE-2026-33862 [HIGH] Siemens Teamcenter cross site scripting (ssa-827383 / EUVD-2026-29430)
A vulnerability classified as problematic was found in Siemens Teamcenter. This vulnerability affects unknown code. Executing a manipulation can lead to cross site scripting.
This vulnerability is tracked as CVE-2026-33862. The attack can be launched remotely. No exploit exists.
Upgrading the affected component is advised.
GHSA
GHSA-4pjx-495c-f5cg: A vulnerability has been identified in Teamcenter V2312 (All versions < V2312
ghsa_unreviewed·2026-05-12
CVE-2026-33862 [HIGH] CWE-79 GHSA-4pjx-495c-f5cg: A vulnerability has been identified in Teamcenter V2312 (All versions < V2312
A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2406.0012), Teamcenter V2412 (All versions < V2412.0009), Teamcenter V2506 (All versions < V2506.0005), Teamcenter V2512 (All versions). The affected application does not properly encode or filter user-supplied data. This could allow an attacker to inject malicious code that can be executed by other users when they visit the affected page.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-05-12
Published