Insufficient Entropy Vulnerability in Schneider Electric Products
CVE-2026-4827

8.7HIGH

Key Information:

Vendor: Schneider Electric
Status: Easergy Micom C264; Easergy C5; Easergy Micom P30; Easergy Micom P40
Vendor: CVE Published:; 12 May 2026

🔔 Create Schneider Electric Vulnerability Alert

What is CVE-2026-4827?

A vulnerability exists due to insufficient entropy within session management mechanisms in Schneider Electric products. This security flaw can be exploited by attackers on the network, allowing them to circumvent session protections and potentially gain unauthorized access to sensitive information or systems.

Affected Version(s)

Easergy C5 Version 1.1.17 and prior

Easergy MiCOM C264 Versions D6.x all versions

Easergy MiCOM C264 Versions D7.33 and prior

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Mar 25, 2026

CVE-2026-4827 Data

JSON