—

CVE-2026-2399

schneider electric · powerchute serial shutdown

CVE-2026-2399: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could ca

Description

A vulnerability was found in Schneider Electric PowerChute Serial Shutdown. It has been classified as critical. This impacts an unknown function of the file /REST/upssleep. This manipulation causes path traversal.

Affected Products

Vendor	Product	Versions
schneider electric	powerchute serial shutdown	Versions 1.4 and prior

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf

Related News (1 articles)

Tier C

VulDB7h ago

CVE-2026-2399 | Schneider Electric PowerChute Serial Shutdown /REST/upssleep path traversal (SEVD-2026-104-01)

→ No new info (linked only)

CISA KEV❌ No

Actively exploited❌ No

CWECWE-22

PublishedApr 14, 2026

Last enriched7h agov2

Trending Score34

Source articles1

Independent1

Info Completeness7/14

Missing: cvss, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

NONECVE-2026-2402EXP

CVE-2026-2402: CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker to g

Trending: 48

NONECVE-2026-4832EXP

CVE-2026-4832: CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device info

Trending: 48

NONECVE-2026-2403EXP

CVE-2026-2403: CWE-1284 Improper Validation of Specified Quantity in Input vulnerability exists that could cause Event and Data Log tru

Trending: 39

NONECVE-2026-2405EXP

CVE-2026-2405: CWE-400 Uncontrolled Resource Consumption vulnerability exists that could cause excessive troubleshooting zip file creat

Trending: 39

HIGHCVE-2026-2404

CVE-2026-2404: CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log when

Trending: 36

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 14, 2026

Discovered by ZDM

Apr 14, 2026

Updated: description, severity

Apr 14, 2026

Version History

Last enriched 7h ago

v2Tier C7h ago

Updated severity to CRITICAL, corrected exploit availability to false, and provided a more detailed description of the vulnerability.

descriptionseverity

via VulDB

v17h ago

Initial creation