CRLF Injection Vulnerability in Schneider Electric Products
CVE-2026-2400

5.3 MEDIUM

What is CVE-2026-2400?

A CRLF injection vulnerability (improper neutralization of CRLF sequences) exists in Schneider Electric's web applications. An attacker who manipulates the POST /setPCBEDesc request payload could potentially trigger an unauthorized reset of application user credentials. Organizations using affected Schneider Electric products should implement immediate security measures to mitigate this risk.

Affected Version(s)

PowerChute™ Serial Shutdown Versions 1.4 and prior

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
