CVE-2026-22618

| EUVD-2026-23177 MEDIUM
2026-04-16 Eaton GHSA-9ghh-rh79-4vmr
Information Disclosure
5.9
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
None

Lifecycle Timeline

2
patch_available
Apr 16, 2026 - 06:01 EUVD
Analysis Generated
Apr 16, 2026 - 05:59 vuln.today

DescriptionNVD

A security misconfiguration was identified in Eaton Intelligent Power Protector (IPP), where an HTTP response header was set with an insecure attribute, potentially exposing users to web‑based attacks. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download centre.

AnalysisAI

Insecure HTTP response header configuration in Eaton Intelligent Power Protector (IPP) software enables attackers to perform web-based attacks including information disclosure and content modification. The vulnerability requires network access, unusual attack complexity, and user interaction (CVSS AV:N/AC:H/PR:N/UI:R), affecting all versions of IPP software prior to the patched release. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-22618 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy