What is the CVSS score of CVE-2026-26722?

CVE-2026-26722 has a CVSS 3.1 base score of 9.4 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Global Facilities Management Software are affected by CVE-2026-26722?

A critical privilege escalation vulnerability (CVSS 9.4) affects Global Facilities Management Software versions through 20230721a, allowing attackers to bypass access controls and gain unauthorized…

Is there a public PoC exploit available for CVE-2026-26722?

Yes, a public proof-of-concept exploit is available for CVE-2026-26722. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2026-26722?

Within 24 hours: Inventory all Global Facilities Management Software instances and versions; isolate affected systems from internet-facing access and restrict user access to essential personnel only. Within 7 days: Implement network segmentation to limit lateral movement; enable enhanced logging and monitoring for privilege escalation attempts; contact vendor for patch timeline and interim guidance. Within 30 days: Apply vendor patch immediately upon release; conduct forensic review for evidence of exploitation; reset credentials for all administrative accounts.

Global Facilities Management Software CVE-2026-26722

CRITICAL

Improper Privilege Management (CWE-269)

2026-02-20 cve@mitre.org

Privilege Escalation Global Facilities Management Software

9.4

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

9.4 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:04 vuln.today

PoC Detected

Feb 26, 2026 - 17:56 vuln.today

Public exploit code

CVE Published

Feb 20, 2026 - 17:25 nvd

CRITICAL 9.4

DescriptionCVE.org

An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to escalate privileges via PIN component of the login functionality.

AnalysisAI

Privilege escalation in Key Systems Global Facilities Management Software via PIN component. PoC available.

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Send crafted authentication request

Exploit

Bypass PIN validation in login component

Execution

Escalate privileges to administrative account

Impact

Access sensitive facility management functions