6.2
CVE-2025-53847 - Missing Authentication Allows Unauthenticated Code Execution in FortiOS
A missing authentication for critical function vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4 all versions, FortiOS 6.2.9 through 6.2.17 allows attacker to execute unauthorized code or commaβ¦
4.1
CVE-2026-22576 -
A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOβ¦
2.5
CVE-2026-27316 - Insufficiently Protected Credentials Expose LDAP Server Secrets
A insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4 all versions, FortiSandbox PaaS 5.0.1 through 5.0.5 may allow an authenticathed administrator to read LDAP server credentials via client-side inspection.
9.1
CVE-2026-39808 -
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code or commands via <insert attack vector here>
2.4
CVE-2026-2401 - Sensitive Information Exposure via Log Injection in PowerChute Serial Shutdown
CWE-532 Insertion of Sensitive Information into Log File vulnerability exists that could cause confidential information to be exposed when a Web Admin user executes a malicious file provided by an attacker.
5.3
CVE-2026-2400 - CRLF Injection Enables Credential Reset in PowerChute Serial Shutdown
CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability exists that could cause application user credentials to reset when a Web Admin user alters the POST /setPCBEDesc request payload.
5.3
CVE-2026-2403 - Log Truncation via Improper Input Validation in Schneider Electric PowerChute Serial Shutdown Web Aβ¦
CWE-1284 Improper Validation of Specified Quantity in Input vulnerability exists that could cause Event and Data Log truncation impacting log integrity when a Web Admin user alters the POST /logsettings request payload.
5.3
CVE-2026-2405 - Denial of Service via Uncontrolled Resource Consumption on PowerChute Web Admin
CWE-400 Uncontrolled Resource Consumption vulnerability exists that could cause excessive troubleshooting zip file creation and denial of service when a Web Admin user floods the system with POST /helpabout requests.
6.9
CVE-2026-2402 - Repeated Authentication Attempts Allow Unauthorized Account Access
CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker to gain access to the user account by performing an arbitrary number of authentication attempts with different credentials on a sequence of requests to multiple endpoints.
6.9
CVE-2026-2404 - Improper Encoding Allows Log Injection in Schneider Electric PowerChute Serial Shutdown
CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log when an attacker alters the POST /j_security check request payload.