Insufficient Rate-Limiting in Eaton Intelligent Power Protector Software
CVE-2026-22616

6.5MEDIUM

Key Information:

Vendor: Eaton
Status: Ipp Software
Vendor: CVE Published:; 16 April 2026

What is CVE-2026-22616?

Eaton's Intelligent Power Protector (IPP) software has a security flaw that allows an attacker to make repeated authentication attempts on the web interface login page due to inadequate rate-limiting measures. This vulnerability can potentially facilitate unauthorized access to the system. Eaton has addressed this security issue in the latest update, which is now available for download from their official site.

Affected Version(s)

IPP Software 0 < 2.0

References

https://www.eaton.com/content/dam/eaton/company/news-insi...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2026
Vulnerability Reserved
Jan 8, 2026

CVE-2026-22616 Data

JSON