Vulnerability in Schneider Electric Powerchute™ Serial Shutdown

CVE-2026-2404

CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log when an attacker alters the POST /j_security check request payload.

EPSS: 0.001 (18.5th percentile) — read the EPSS interpretation.

Affected products

Schneider Electric Powerchute™ Serial Shutdown — versions Versions 1.4 and prior

Weakness classification (CWE)

CWE-116 — Improper Encoding or Escaping of Output

References

download.schneider-electric.com/files