CVE-2026-22615

| EUVD-2026-23174 MEDIUM
2026-04-16 Eaton GHSA-w622-v92m-9f53
RCE
6.0
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
High

Lifecycle Timeline

2
patch_available
Apr 16, 2026 - 06:01 EUVD
Analysis Generated
Apr 16, 2026 - 05:17 vuln.today

DescriptionNVD

Due to improper input validation in one of the Eaton Intelligent Power Protector (IPP) XML, it is possible for an attacker with admin privileges and access to the local system to inject malicious code resulting in arbitrary command execution. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download centre.

AnalysisAI

Eaton Intelligent Power Protector (IPP) software allows authenticated administrators with local system access to execute arbitrary commands via XML input validation bypass, requiring user interaction. The vulnerability impacts all versions of IPP software prior to the latest patched release available on Eaton's download center. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-22615 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy