IM
IronMonkey Threat Research

CVE-2026-2402 MEDIUM

Published: 2026-04-14 | Last Modified: 2026-04-22 | Status: Analyzed

Description

CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker to gain access to the user account by performing an arbitrary number of authentication attempts with different credentials on a sequence of requests to multiple endpoints.

CVSS Metrics

Base Score: 5.3 (MEDIUM)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack VectorNETWORK
Attack ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity ImpactNONE
Availability ImpactLOW

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 1.4

Base Score: 6.9 (MEDIUM)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack VectorNETWORK
Attack ComplexityLOW
Attack RequirementsNONE
Privileges RequiredNONE
User InteractionNONE
Vulnerability ConfidentialityNONE
Vulnerability IntegrityNONE
Vulnerability AvailabilityLOW
Subsequent ConfidentialityNONE
Subsequent IntegrityNONE
Subsequent AvailabilityNONE

Source: [email protected]

Type: Secondary

Weaknesses

Source Type Description
[email protected] Primary
en CWE-307

Affected Products

Vendor Product Version Update Type
schneider-electric powerchute_serial_shutdown * <built-in method update of dict object at 0x75d828aae080> Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:schneider-electric:powerchute_serial_shutdown:*:*:*:*:*:*:*:*
Notification
Message here