A vulnerability, which was classified as problematic , has been found in Orca Energy Heat Pump and User Portal . Affected is an unknown function of the component HTTP Connection Handler . Performing a manipulation results in cross site scripting. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is identified as CVE-2026-25599 . The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affect