CVE-2026-2405

| EUVD-2026-22293 MEDIUM
2026-04-14 schneider GHSA-2j49-hp6r-vx83 GHSA-9h8m-3fm2-qjrq GHSA-q728-gf8j-w49r GHSA-vhw5-3g5m-8ggf
Denial Of Service Powerchute Serial Shutdown
5.3
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Apr 14, 2026 - 17:04 vuln.today

DescriptionNVD

CWE-400 Uncontrolled Resource Consumption vulnerability exists that could cause excessive troubleshooting zip file creation and denial of service when a Web Admin user floods the system with POST /helpabout requests.

AnalysisAI

Denial of service in Schneider Electric PowerChute Serial Shutdown versions 1.4 and prior allows authenticated Web Admin users to trigger uncontrolled resource consumption by flooding the system with POST requests to the /helpabout endpoint, causing excessive troubleshooting zip file creation and service degradation. Attack requires valid admin credentials and network access to the web interface; CVSS 5.3 reflects low availability impact with no confidentiality or integrity compromise.

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-2405 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy