Log Injection via /j_security_check in Java EE Container (CWE-116)
CVE-2026-2404 Published on April 14, 2026

CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log when an attacker alters the POST /j_security check request payload.

NVD

Weakness Type

What is an Output Sanitization Vulnerability?

The software prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

CVE-2026-2404 has been classified to as an Output Sanitization vulnerability or weakness.

Affected Versions

Schneider Electric PowerChute™ Serial Shutdown Version Versions 1.4 and prior is affected by CVE-2026-2404

Log Injection via /j_security_check in Java EE Container (CWE-116)CVE-2026-2404 Published on April 14, 2026

Weakness Type

What is an Output Sanitization Vulnerability?

Affected Versions

Log Injection via /j_security_check in Java EE Container (CWE-116)
CVE-2026-2404 Published on April 14, 2026