CVE-2026-2403
Published: 14 April 2026
Summary
CVE-2026-2403 is a medium-severity Improper Validation of Specified Quantity in Input (CWE-1284) vulnerability in Schneider-Electric Powerchute Serial Shutdown. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Indicator Removal (T1070). The CVE ranks at the 6.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-22290
Vulnerability details
A CWE-1284 Improper Validation of Specified Quantity in Input vulnerability exists that could cause Event and Data Log truncation, impacting log integrity, when a Web Admin user alters the POST /logsettings request payload.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Vulnerability directly enables log truncation via malformed POST input, facilitating indicator removal and defense impairment by impacting log integrity.