CWE-532 Log Injection in Schneider Electric Web Admin causes Sensitive Info Leak
CVE-2026-2401 Published on April 14, 2026

CWE-532 Insertion of Sensitive Information into Log File vulnerability exists that could cause confidential information to be exposed when a Web Admin user executes a malicious file provided by an attacker.

NVD

Weakness Type

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

Affected Versions

Schneider Electric PowerChute™ Serial Shutdown Version Versions 1.4 and prior is affected by CVE-2026-2401

CWE-532 Log Injection in Schneider Electric Web Admin causes Sensitive Info LeakCVE-2026-2401 Published on April 14, 2026

Weakness Type

Insertion of Sensitive Information into Log File

Affected Versions

CWE-532 Log Injection in Schneider Electric Web Admin causes Sensitive Info Leak
CVE-2026-2401 Published on April 14, 2026