PT-2026-21253 · Key Systems · Global Facilities Management

Chndlrx · Published 2026-02-20 · Updated 2026-02-26 · CVE-2026-26724

CVSS v3.1: 7.6 (High)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Key Systems Inc Global Facilities Management Software version 20230721a

Description

A Cross Site Scripting issue exists in Key Systems Inc Global Facilities Management Software. A remote attacker can potentially execute arbitrary code by manipulating the selectgroup and gn parameters on the /api/v1/Groups endpoint.

Recommendations

Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the /api/v1/Groups endpoint to minimize the risk of exploitation. Sanitize the selectgroup and gn parameters before processing them within the Groups function.

Exploit

Fix

XSS

Weakness Enumeration

Related identifiers

CVE-2026-26724

Affected products

Global Facilities Management