CVE-2026-4293 — The affected Kieback & Peter DDC building controllers are vulnerable to cross-site scripting, enabling JavaScript to be executed by the victim's browser, which allows the attacker to control the brows — CVE Database · The Intelligence Room