CVE-2026-4827
CWE-331 · Published: May 12, 2026 · Updated: May 14, 2026
Official Description
CWE‑331: Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session‑management protections.
Technical Analysis
CVE-2026-4827 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.
Exploitation does not require any privileges, though user interaction (P) is needed, which slightly reduces the risk of mass automated attacks.
News & Research Mentioning CVE-2026-4827
Schneider Electric is aware of vulnerabilities in its PowerChute™ Serial Shutdown product. The [PowerChute Serial Shutdown](https://www.se.com/ww/en/product-range/137943580-powerchute-serial-shutdown/#products) product is a UPS management software enabling graceful system shutdown and energy management capabilities for desktop, servers and workstations. Failure to apply the remediation provided below may risk improper input validation which could result in disruption of operations and access to system data. The following versions of Schneider Electric Easergy, EcoStruxure, PowerLogic, and Saitel Products are affected: Easergy MiCOM C264 vers:generic/<=D7.33 (CVE-2026-4827) Easergy MiCOM P139 vers:generic/<=P139.678.700 (CVE-2026-48 (Source: CISA Alerts)
Recommended Actions
- Apply vendor patches immediately
- Monitor CVE-2026-4827 in threat intel feeds
- Review IDS/IPS signatures for exploitation attempts