Resetting credentials possible via malicious Web Admin user input

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.3

Resetting credentials possible via malicious Web Admin user input

CVE-2026-2400

Summary

A vulnerability in the application's POST request handling could allow a malicious Web Admin user to reset user credentials. This could happen if a user with elevated privileges alters a specific request. Affected users should update the application to the latest version to prevent this issue.

Original title

CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability exists that could cause application user credentials to reset when a Web Admin user alters the POST /setPCBEDesc ...

Original description

CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability exists that could cause application user credentials to reset when a Web Admin user alters the POST /setPCBEDesc request payload.

nvd CVSS4.0 5.3

Vulnerability type

CWE-93

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDoc...

Published: 14 Apr 2026 · Updated: 15 Apr 2026 · First seen: 14 Apr 2026