CVE-2026-2403

| EUVD-2026-22290 MEDIUM
2026-04-14 schneider GHSA-v2cv-5hx2-p7w9
Information Disclosure Powerchute Serial Shutdown
5.3
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Apr 14, 2026 - 17:04 vuln.today

DescriptionNVD

CWE-1284 Improper Validation of Specified Quantity in Input vulnerability exists that could cause Event and Data Log truncation impacting log integrity when a Web Admin user alters the POST /logsettings request payload.

AnalysisAI

Improper validation of input quantity in Schneider Electric PowerChute Serial Shutdown versions 1.4 and prior allows authenticated Web Admin users to truncate event and data logs via crafted POST /logsettings requests, compromising log integrity and audit trail reliability. The vulnerability requires valid admin credentials and network access but poses direct impact to forensic and compliance capabilities. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-2403 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy