PT-2026-21253 · Key Systems · Global Facilities Management
Chndlrx · Published 2026-02-20 · Updated 2026-02-26
CVE-2026-26724
CVSS v3.1: 7.6 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Key Systems Inc Global Facilities Management Software version 20230721a
Description
A Cross Site Scripting issue exists in Key Systems Inc Global Facilities Management Software. A remote attacker can potentially execute arbitrary code by manipulating the selectgroup and gn parameters on the /api/v1/Groups endpoint.
Recommendations
Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the /api/v1/Groups endpoint to minimize the risk of exploitation. Sanitize the selectgroup and gn parameters before processing them within the Groups function.
Exploit
Fix
XSS
Affected Products
Global Facilities Management