Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log when an attacker alters the POST /j_security check request payload.
AnalysisAI
Log injection via improper output encoding in Schneider Electric PowerChute™ Serial Shutdown allows unauthenticated remote attackers to forge or inject malicious log entries by sending crafted POST requests to the /j_security_check endpoint, potentially obscuring attack trails or triggering false alerts.
Technical ContextAI
CWE-116 (Improper Encoding or Escaping of Output) occurs when user-supplied input is logged without proper sanitization or encoding. In this case, the /j_security_check endpoint in PowerChute™ Serial Shutdown processes POST request payloads and writes them to logs without neutralizing special characters or control sequences that have meaning in log formats. Attackers exploit this by injecting newline characters, log delimiters, or other sequences to create fake log entries that appear legitimate. The CPE cpe:2.3:a:schneider_electric:powerchute™_serial_shutdown:*:*:*:*:*:*:*:* indicates all versions of this product are affected.
RemediationAI
Apply the security update released by Schneider Electric as documented in SEVD-2026-104-01 (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). The patch corrects the output encoding in the /j_security_check request handler to prevent injection of special characters into logs. Until patching is possible, implement network-level controls to restrict access to the /j_security_check endpoint and monitor logs for suspicious entries containing unusual control characters or out-of-sequence log messages that may indicate injection attempts.
More in Powerchute Serial Shutdown
View allSchneider Electric PowerChute Serial Shutdown v1.4 and prior allows remote credential brute force attacks due to missing
PowerChute Serial Shutdown allows authenticated administrative users to overwrite critical system files via path travers
Improper validation of input quantity in Schneider Electric PowerChute Serial Shutdown versions 1.4 and prior allows aut
CRLF injection in Schneider Electric PowerChute™ Serial Shutdown versions 1.4 and prior allows authenticated Web Admin u
Denial of service in Schneider Electric PowerChute Serial Shutdown versions 1.4 and prior allows authenticated Web Admin
Schneider Electric PowerChute™ Serial Shutdown versions 1.4 and prior expose confidential information through log file i
Same weakness CWE-116 – Improper Encoding or Escaping of Output
View allSame technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-22292
GHSA-cjw8-79x6-5cj4