CVE-2026-22617
published 2026-04-16CVE-2026-22617: Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a network‑based attacker to intercept the cookie and exploit…
PriorityP345high7.4CVSS 3.1
AVNACHPRNUINSUCHIHAN
EPSS
0.17%
6.6th percentile
Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a network‑based attacker to intercept the cookie and exploit it through a man‑in‑the‑middle attack. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download centre.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| eaton | intelligent_power_protector | < 2.00 | 2.00 |
| eaton | ipp_software | < 2.0 | 2.0 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Eaton IPP Software up to 1.x Configuration missing secure attribute
vuldb·2026-04-16·CVSS 5.7
CVE-2026-22617 [MEDIUM] Eaton IPP Software up to 1.x Configuration missing secure attribute
A vulnerability categorized as problematic has been discovered in Eaton IPP Software up to 1.x. Impacted is an unknown function of the component Configuration Handler. Such manipulation leads to sensitive cookie without secure attribute.
This vulnerability is referenced as CVE-2026-22617. It is possible to launch the attack remotely. No exploit is available.
It is advisable to upgrade the affected component.
GHSA
GHSA-m6jh-hgc7-xggx: Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a network‑based attacker to intercept the cookie and
ghsa_unreviewed·2026-04-16
CVE-2026-22617 [MEDIUM] CWE-614 GHSA-m6jh-hgc7-xggx: Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a network‑based attacker to intercept the cookie and
Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a network‑based attacker to intercept the cookie and exploit it through a man‑in‑the‑middle attack. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download centre.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-04-16
Published