Path Traversal Vulnerability in Schneider Electric's Web Administration Interface
CVE-2026-2399

6.9 MEDIUM

What is CVE-2026-2399?

A path traversal vulnerability exists that allows Web Admin users to manipulate the payload of the POST /REST/upssleep request. If exploited, this could lead to critical files being overwritten with arbitrary text data. Attackers could leverage this weakness to make unauthorized file modifications, potentially compromising system integrity and functionality.

Affected Version(s)

PowerChute™ Serial Shutdown Versions 1.4 and prior

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
