Subnet Solutions PowerSYSTEM Center CRLF Injection Vulnerability in Email Notification Service

Vulnerability

A CRLF injection vulnerability has been identified in the email notification service of Subnet Solutions PowerSYSTEM Center. This issue arises when the application uses SMTPS for communication. The vulnerability affects PowerSYSTEM Center versions 2020 through 5.28.x, as well as 2024 versions 6.0.x to 6.1.x and 2026 version 7.0.x.

Impact

Exploitation of this vulnerability could allow an authenticated attacker to inject carriage return and line feed characters, potentially leading to header manipulation or injection attacks.

Added: May 12, 2026, 9:22 PM

Updated: May 12, 2026, 9:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

3.3

remediation

0.0

relevance

8.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

3.3

remediation

0.0

relevance

8.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Subnet Solutions PowerSYSTEM Center CRLF Injection Vulnerability in Email Notification Service

Vulnerability

Impact

Affected Products

Subnet Solutions PowerSYSTEM Center

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating