CVE-2026-22618

A security misconfiguration was identified in Eaton Intelligent Power Protector (IPP), where an HTTP response header was set with an insecure attribute, potentially exposing users to web‑based attacks. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download centre.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:eaton:intelligent_power_protector:*:*:*:*:*:*:*:*

History

22 Apr 2026, 20:01

Type	Values Removed	Values Added
References	~~() https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf -~~	() https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf - Vendor Advisory
CPE		cpe:2.3:a:eaton:intelligent_power_protector::::::::
First Time		Eaton Eaton intelligent Power Protector

16 Apr 2026, 06:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-04-16 06:16

Updated : 2026-04-22 20:01

NVD link : CVE-2026-22618

Mitre link : CVE-2026-22618

CVE.ORG link : CVE-2026-22618

JSON object : View

Products Affected

eaton

intelligent_power_protector

CWE

CWE-358

Improperly Implemented Security Check for Standard

5.9 /10