Arbitrary Command Execution Vulnerability in Eaton Intelligent Power Protector
CVE-2026-22615

6MEDIUM

Key Information:

Vendor: Eaton
Status: Ipp Software
Vendor: CVE Published:; 16 April 2026

What is CVE-2026-22615?

A security vulnerability exists in Eaton Intelligent Power Protector due to improper input validation in XML processing. An attacker with administrative privileges and local system access can exploit this vulnerability to inject malicious code, enabling arbitrary command execution. This issue has been addressed in the latest Eaton IPP software version, which can be downloaded from the Eaton download centre.

Affected Version(s)

IPP Software 0 < 2.0

References

https://www.eaton.com/content/dam/eaton/company/news-insi...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2026
Vulnerability Reserved
Jan 8, 2026

CVE-2026-22615 Data

JSON