🔐 CVE Alert

CVE-2026-9292

UNKNOWN 0.0

Rockwell Automation FactoryTalk® DataMosaix™ Private Cloud - Stored Cross-Site Scripting

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

A Stored Cross-Site Scripting security issue exists within FactoryTalk® DataMosaix™ Private Cloud. The vulnerability stems from improper neutralization of user-supplied input within the Workflows configuration. An authenticated attacker with high privileges can inject malicious scripts that are permanently stored on the server. This vulnerability can result in the execution of malicious JavaScript when other users access the affected page, potentially allowing for account takeover, credential theft, or redirection to a malicious website.

CWE CWE-79
Vendor rockwell automation
Product factorytalk® datamosaix™ private cloud
Published Jul 14, 2026
Last Updated Jul 14, 2026
Stay Ahead of the Next One

Get instant alerts for rockwell automation factorytalk® datamosaix™ private cloud

Be the first to know when new unknown vulnerabilities affecting rockwell automation factorytalk® datamosaix™ private cloud are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Rockwell Automation / FactoryTalk® DataMosaix™ Private Cloud
Version 8.02 and below

References

NVD ↗ CVE.org ↗ EPSS Data ↗
rockwellautomation.com: https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1787.html