Security Misconfiguration in Eaton Intelligent Power Protector
CVE-2026-22618

5.9MEDIUM

Key Information:

Vendor: Eaton
Status: Ipp Software
Vendor: CVE Published:; 16 April 2026

What is CVE-2026-22618?

A security misconfiguration was discovered in Eaton Intelligent Power Protector (IPP), where an insecure HTTP response header was improperly set. This vulnerability creates potential exposure to web-based attacks, increasing risks for users' security. The issue has been addressed in the most recent version of Eaton IPP software, which can be downloaded from the Eaton download center.

Affected Version(s)

IPP software 0 < 2.0

References

https://www.eaton.com/content/dam/eaton/company/news-insi...

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2026
Vulnerability Reserved
Jan 8, 2026

CVE-2026-22618 Data

JSON