CVE-2026-35555 is an authorization vulnerability (CWE-863) in the PowerSYSTEM Center 2024 product by Subnet Solutions, specifically affecting version 6.0.x. The flaw allows an authenticated user with limited permissions to perform unauthorized deletions of device project groups. The CVSS 4.0 vector indicates the attack requires adjacent network access, low complexity, no user interaction, and privileges at a low level, with high impact on integrity and low impact on availability and confidentiality. No official patch or remediation guidance is currently available from the vendor, and the product is not a cloud service, so remediation depends on vendor updates.

An attacker with valid credentials and limited permissions can delete project groups without proper authorization, potentially disrupting project management and associated device configurations within PowerSYSTEM Center 2024. This could lead to loss of organizational data integrity related to project groups. There is no indication of confidentiality or availability impact beyond the deletion capability. No known exploits have been reported in the wild to date.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or temporary mitigation is provided, organizations should monitor vendor communications for updates. In the meantime, restrict user permissions carefully and audit user actions related to project group management to detect unauthorized deletions.