PT-2026-32672 · APC · PowerChute Serial Shutdown

Published: 2026-04-14 · Updated: 2026-04-19 · CVE-2026-2400

CVSS v4.0: 5.3 (Medium)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

PowerChute Serial Shutdown (affected versions not specified)

Description

Improper neutralization of CRLF sequences, also known as CRLF Injection, occurs when the application fails to properly filter carriage return and line feed characters. This issue can be triggered when a Web Admin user modifies the payload of the 'POST /setPCBEDesc' request, potentially leading to the reset of application user credentials or a denial of service condition via specially crafted POST requests.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2026-05385
CVE-2026-2400

Affected Products

PowerChute Serial Shutdown