Input Validation Vulnerability in Schneider Electric's Log Management System
CVE-2026-2403

5.3MEDIUM

Key Information:

Vendor: Schneider Electric
Status: Powerchute™ Serial Shutdown
Vendor: CVE Published:; 14 April 2026

🔔 Create Schneider Electric Vulnerability Alert

What is CVE-2026-2403?

An input validation vulnerability exists within Schneider Electric's Log Management System, specifically related to how the system processes the POST /logsettings request payload. This flaw allows a Web Admin user to modify the request in a manner that can lead to event and data log truncation, consequently undermining the integrity of the logs and the accuracy of event records. Proper validation mechanisms are crucial to ensure that data integrity is maintained and to prevent unauthorized changes to sensitive log information.

Affected Version(s)

PowerChute™ Serial Shutdown Versions 1.4 and prior

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2026
Vulnerability Reserved
Feb 12, 2026

CVE-2026-2403 Data

JSON