Log Injection Vulnerability in Schneider Electric Software
CVE-2026-2404

6.9MEDIUM

Key Information:

Vendor: Schneider Electric
Status: Powerchute™ Serial Shutdown
Vendor: CVE Published:; 14 April 2026

🔔 Create Schneider Electric Vulnerability Alert

What is CVE-2026-2404?

A log injection vulnerability exists in Schneider Electric software due to improper encoding or escaping of output. This flaw allows attackers to manipulate the POST /j_security check request payload, potentially leading to forged log entries and unauthorized information disclosure. Organizations using affected versions should take immediate action to mitigate any risks associated with this vulnerability.

Affected Version(s)

PowerChute™ Serial Shutdown Versions 1.4 and prior

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2026
Vulnerability Reserved
Feb 12, 2026

CVE-2026-2404 Data

JSON