Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability
A medium-severity authentication bypass vulnerability (CVE-2026-2491) affects Socomec DIRIS A-40 power monitoring devices, allowing network-adjacent attackers to gain unauthorized access without credentials. An attacker who exploits this flaw could manipulate power monitoring data, disrupt critical infrastructure monitoring, or pivot to other systems on the network. Organizations using these devices should immediately apply available patches from Socomec, restrict network access to affected devices, and monitor for suspicious authentication attempts or configuration changes.