CVE-2026-22615
published 2026-04-16CVE-2026-22615: Due to improper input validation in one of the Eaton Intelligent Power Protector (IPP) XML, it is possible for an attacker with admin privileges and access to…
PriorityP350high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
0.34%
26.0th percentile
Due to improper
input validation in one of the Eaton Intelligent Power Protector (IPP) XML, it is
possible for an attacker with admin privileges and access to the local system to
inject malicious code resulting in arbitrary command execution. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download centre.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| eaton | intelligent_power_protector | < 2.00 | 2.00 |
| eaton | ipp_software | < 2.0 | 2.0 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Eaton IPP Software up to 1.x input validation
vuldb·2026-04-16·CVSS 6.0
CVE-2026-22615 [MEDIUM] Eaton IPP Software up to 1.x input validation
A vulnerability, which was classified as problematic, has been found in Eaton IPP Software up to 1.x. The affected element is an unknown function. The manipulation leads to improper input validation.
This vulnerability is traded as CVE-2026-22615. It is possible to initiate the attack remotely. There is no exploit available.
It is advisable to upgrade the affected component.
GHSA
GHSA-w622-v92m-9f53: Due to improper
input validation in one of the Eaton Intelligent Power Protector (IPP) XML, it is
possible for an attacker with admin privileges and a
ghsa_unreviewed·2026-04-16
CVE-2026-22615 [MEDIUM] CWE-20 GHSA-w622-v92m-9f53: Due to improper
input validation in one of the Eaton Intelligent Power Protector (IPP) XML, it is
possible for an attacker with admin privileges and a
Due to improper
input validation in one of the Eaton Intelligent Power Protector (IPP) XML, it is
possible for an attacker with admin privileges and access to the local system to
inject malicious code resulting in arbitrary command execution. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download centre.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-04-16
Published