CVE-2026-2402 MEDIUM

CVE-2026-2402

Vendor Schneider Electric
Product PowerChute™ Serial Shutdown
Weakness CWE-307 · Brute force
Published April 14, 2026
Last update April 14, 2026

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker to gain access to the user account by performing an arbitrary number of authentication attempts with different credentials on a sequence of requests to multiple endpoints.

Key dates

02Disclosure timeline

April 14, 2026 CVE published
April 14, 2026 Record updated