CVE-2026-2400
MEDIUM
Schneider Electric PowerChute Serial Shutdown <=1.4 - CRLF Injection
Title source: llm
Description
CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability exists that could cause application user credentials to reset when a Web Admin user alters the POST /setPCBEDesc request payload.
Scores
CVSS v3: 4.3
EPSS: 0.0005
EPSS Percentile: 15.3%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-93
Status: published
Products (2)
Schneider Electric/PowerChute™ Serial Shutdown: Versions 1.4 and prior
schneider-electric/powerchute_serial_shutdown: < 1.5
Published: Apr 14, 2026
Tracked Since: Apr 14, 2026