cbcvebase.
CVE-2026-4293
published 2026-05-20

CVE-2026-4293: The affected Kieback & Peter DDC building controllers are vulnerable to cross-site scripting, enabling JavaScript to be executed by the victim's browser, which…

PriorityP428medium5.3CVSS 3.1
AVNACLPRNUINSUCNILAN
EPSS
0.27%
18.7th percentile
The affected Kieback & Peter DDC building controllers are vulnerable to cross-site scripting, enabling JavaScript to be executed by the victim's browser, which allows the attacker to control the browser.

Affected

11 ranges
VendorProductVersion rangeFixed in
kieback_peterddc4002<= 1.12.14
kieback_peterddc4002e<= 1.23.4
kieback_peterddc4020e<= 1.23.4
kieback_peterddc4040e<= 1.23.4
kieback_peterddc4100<= 1.12.14
kieback_peterddc4200<= 1.12.14
kieback_peterddc4200-l<= 1.12.14
kieback_peterddc4200e<= 1.23.4
kieback_peterddc4400<= 1.12.14
kieback_peterddc4400e<= 1.23.4
kieback_peterddc520<= 1.24.1
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.