CVE-2026-2404
Published Apr 14, 2026
A CWE-116: Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log entries when an attacker alters the POST /j_security_check request payload.
Affected Software
1 affected component
Schneider Electric PowerChute Serial Shutdown < 1.5
Event History
Apr 14, 2026
CVE Published
via MITRE · 03:13 PM
Data Sourced
via MITRE · 03:13 PM
Description, Weakness
Data Sourced
via NVD · 04:16 PM
Description, Severity, Weakness, Affected Software
Frequently Asked Questions
1. What is the severity of CVE-2026-2404?
CVE-2026-2404 is considered a medium severity vulnerability due to its potential for log injection and manipulation.
2. How do I fix CVE-2026-2404?
To fix CVE-2026-2404, update the Schneider Electric PowerChute Serial Shutdown software to version 1.5 or later.
3. What types of attacks can be executed using CVE-2026-2404?
Attackers can exploit CVE-2026-2404 to inject content into the logs, potentially leading to forged log entries.
4. Which software versions are affected by CVE-2026-2404?
CVE-2026-2404 affects Schneider Electric PowerChute Serial Shutdown versions prior to 1.5.
5. Is there a workaround for CVE-2026-2404?
Currently, the recommended solution for CVE-2026-2404 is to apply the available software update to remediate the vulnerability.