Authentication Vulnerability in Schneider Electric Products
CVE-2026-2402

6.9MEDIUM

Key Information:

Vendor: Schneider Electric
Status: Powerchute™ Serial Shutdown
Vendor: CVE Published:; 14 April 2026

🔔 Create Schneider Electric Vulnerability Alert

What is CVE-2026-2402?

An authentication flaw in Schneider Electric products allows attackers to exploit the system by making an unlimited number of authentication attempts using various credentials. This improper restriction on authentication attempts enables potential unauthorized access to user accounts, posing a significant security risk.

Affected Version(s)

PowerChute™ Serial Shutdown Versions v1.4 and prior

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2026
Vulnerability Reserved
Feb 12, 2026

CVE-2026-2402 Data

JSON