Release Date: February 10, 2026 Alert Code: ICSA-26-041-03 Summary: Successful exploitation of this vulnerability could result in a denial-of-service condition. Affected Versions: PI Data Archive PI Server <=2018_SP3_Patch_7 (CVE-2026-1507) PI Data Archive PI Server 2023 (CVE-2026-1507) PI Data Archive PI Server 2023_Patch_1 (CVE-2026-1507) PI Data Archive PI Server 2024 (CVE-2026-1507) Vulnerabilities: CVE-2026-1507 - CVSS: v3 7.5 - Vendor: AVEVA - Equipment: AVEVA PI Data Archive - Vulnerabilities: Uncaught Exception Background: Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: United Kingdom Acknowledgments: AVEVA reported this vulnerability to CISA Recommended Practices: Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. Use more secure methods, such as Virtual Private Networks (VPNs), for remote access. Implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are available on the ICS webpage at cisa.gov/ics. No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.