Sensitive Information Exposure in Schneider Electric's Web Admin Interface
CVE-2026-2401

2.4LOW

Key Information:

Vendor: Schneider Electric
Status: Powerchute™ Serial Shutdown
Vendor: CVE Published:; 14 April 2026

🔔 Create Schneider Electric Vulnerability Alert

What is CVE-2026-2401?

A vulnerability has been identified in Schneider Electric's Web Admin Interface, where an attacker can exploit the system by executing a malicious file, leading to the inadvertent logging of sensitive information. This exposure poses significant privacy risks as confidential data may be accessible to unauthorized users. Admins need to be aware of this vulnerability to prevent potential data leaks and secure their environments.

Affected Version(s)

PowerChute™ Serial Shutdown Versions 1.4 and prior

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V4

Score:

2.4

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2026
Vulnerability Reserved
Feb 12, 2026

CVE-2026-2401 Data

JSON