Insecure Cookie Configuration in Eaton Intelligent Power Protector
CVE-2026-22617

5.7MEDIUM

Key Information:

Vendor: Eaton
Status: Ipp Software
Vendor: CVE Published:; 16 April 2026

What is CVE-2026-22617?

The Eaton Intelligent Power Protector (IPP) is susceptible to an insecure cookie configuration, allowing potential network-based attackers to intercept and exploit sensitive cookies via man-in-the-middle attacks. This vulnerability poses significant risks as intercepted cookies may grant unauthorized access to critical application functions or user data. Eaton has addressed this issue, and users are encouraged to update to the latest version of the IPP software, available through the Eaton download center, to safeguard against these exploits.

Affected Version(s)

IPP Software 0 < 2.0

References

https://www.eaton.com/content/dam/eaton/company/news-insi...

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2026
Vulnerability Reserved
Jan 8, 2026

CVE-2026-22617 Data

JSON