CWE-532 Log Injection in Schneider Electric Web Admin causes Sensitive Info Leak
CVE-2026-2401 Published on April 14, 2026

CWE-532 Insertion of Sensitive Information into Log File vulnerability exists that could cause confidential information to be exposed when a Web Admin user executes a malicious file provided by an attacker.

NVD

Weakness Type

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

Affected Versions

Schneider Electric PowerChute™ Serial Shutdown Version Versions 1.4 and prior is affected by CVE-2026-2401

Exploit Probability

EPSS

0.10%

Percentile

1.20%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CWE-532 Log Injection in Schneider Electric Web Admin causes Sensitive Info LeakCVE-2026-2401 Published on April 14, 2026

Weakness Type

Insertion of Sensitive Information into Log File

Affected Versions

Exploit Probability

CWE-532 Log Injection in Schneider Electric Web Admin causes Sensitive Info Leak
CVE-2026-2401 Published on April 14, 2026