Description
An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to escalate privileges via the PIN component of the login functionality.
Published: 2026-02-20
Score: 9.4 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Privilege Escalation
Action: Apply Patch
AI Analysis

Impact

Key Systems Inc Global Facilities Management Software v.20230721a contains a flaw in the PIN component of its login functionality that allows a remote attacker to gain elevated privileges. This weakness, identified as CWE-269, enables an attacker to bypass normal authentication controls and operate with higher system authority, potentially exposing confidential data, modifying system settings, and disrupting operations.

Affected Systems

Key Systems Inc. Global Facilities Management Software version 20230721a is affected.

Risk and Exploitability

The vulnerability carries a CVSS score of 9.4 (Critical), but the EPSS score is less than 1%, implying a very low current exploitation probability. It is not listed in the CISA Known Exploited Vulnerabilities catalog. Based on the description, it is inferred that the attack vector is remote access via the login interface, requiring the attacker to supply a valid or guessed PIN to manipulate authentication logic.

Generated by OpenCVE AI on April 17, 2026 at 17:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any available vendor patch for Global Facilities Management Software v.20230721a.
  • If a patch is not yet released, disable or remove PIN-based authentication temporarily to block the escalation path.
  • Monitor authentication logs for suspicious PIN usage and enforce stricter access controls on login mechanisms.

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 18:00:00 +0000

Type | Values Removed | Values Added
Title | | Privilege Escalation via PIN Login in Key Systems Global Facilities Management Software

Thu, 26 Feb 2026 18:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Keystorage; Keystorage global Facilities Management Software
CPEs | | cpe:2.3:a:keystorage:global_facilities_management_software:20230721a:*:*:*:*:*:*:*
Vendors & Products | | Keystorage; Keystorage global Facilities Management Software

Mon, 23 Feb 2026 21:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-269
Metrics | | cvssV3_1: {'score': 9.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H'}; ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 23 Feb 2026 15:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Key Systems; Key Systems global Facilities Management Software
Vendors & Products | | Key Systems; Key Systems global Facilities Management Software

Fri, 20 Feb 2026 16:30:00 +0000

Type | Values Removed | Values Added
Description | | An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to escalate privileges via PIN component of the login functionality.
References | |

Subscriptions

Key Systems Global Facilities Management Software
Keystorage Global Facilities Management Software
MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-02-23T20:28:40.578Z

Reserved: 2026-02-16T00:00:00.000Z

Link: CVE-2026-26722

Vulnrichment

Updated: 2026-02-23T20:26:04.667Z

NVD

Status: Analyzed

Published: 2026-02-20T17:25:55.377

Modified: 2026-02-26T17:56:10.743

Link: CVE-2026-26722

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T17:45:24Z

Weaknesses