CVE-2026-2403
Improper Input Validation in Web Admin Causes Log Truncation
Publication date: 2026-04-14
Last updated on: 2026-04-22
Assigner: Schneider Electric SE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| schneider-electric | powerchute_serial_shutdown | to 1.5 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1284 | The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an improper validation issue (CWE-1284) where the specified quantity in the input is not correctly checked. Specifically, when a Web Admin user modifies the POST /logsettings request payload, it can cause truncation of event and data logs.
This truncation impacts the integrity of the logs, meaning that the logs may be incomplete or altered unintentionally due to this vulnerability.
How can this vulnerability impact me? :
The vulnerability can lead to truncation of event and data logs, which compromises the integrity of these logs.
As a result, important security or operational events might be lost or incomplete, making it difficult to perform accurate auditing, troubleshooting, or forensic analysis.