CVE-2026-22616

Eaton Intelligent Power Protector (IPP) software allows repeated authentication attempts against the web interface login page due to insufficient rate‑limiting controls. This security issue has been fixed in the latest version of Eaton IPP which is available on the Eaton download centre.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:eaton:intelligent_power_protector:*:*:*:*:*:*:*:*

History

22 Apr 2026, 20:02

Type	Values Removed	Values Added
CPE		cpe:2.3:a:eaton:intelligent_power_protector::::::::
First Time		Eaton Eaton intelligent Power Protector
References	~~() https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf -~~	() https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf - Vendor Advisory

16 Apr 2026, 05:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-04-16 05:16

Updated : 2026-04-22 20:02

NVD link : CVE-2026-22616

Mitre link : CVE-2026-22616

CVE.ORG link : CVE-2026-22616

JSON object : View

Products Affected

eaton

intelligent_power_protector

CWE

CWE-307

Improper Restriction of Excessive Authentication Attempts

6.5 /10