CVE-2026-22619
published 2026-04-16CVE-2026-22619: Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker…
PriorityP264critical9.9CVSS 3.1
AVNACLPRLUINSCCHIHAH
EPSS
0.32%
24.1th percentile
Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download center.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| eaton | intelligent_power_protector | < 2.00 | 2.00 |
| eaton | ipp_software | < 2.0 | 2.0 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-w3cg-4gfc-vw5x: Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an
ghsa_unreviewed·2026-04-16
CVE-2026-22619 [HIGH] GHSA-w3cg-4gfc-vw5x: Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an
Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download center.
VulDB
Eaton IPP Software up to 1.x uncontrolled search path
vuldb·2026-04-16·CVSS 7.8
CVE-2026-22619 [HIGH] Eaton IPP Software up to 1.x uncontrolled search path
A vulnerability labeled as problematic has been found in Eaton IPP Software up to 1.x. The impacted element is an unknown function. Executing a manipulation can lead to uncontrolled search path.
This vulnerability is tracked as CVE-2026-22619. The attack is restricted to local execution. No exploit exists.
The affected component should be upgraded.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-04-16
Published