← back
CVE-2026-22618

CVE-2026-22618

CVSS 5.9 MEDIUMEPSS 0.2%CWE-358
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.9EPSS 0.2%KEV nãoPoC Patch
Lifecycle
Apr 16, 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A security misconfiguration was identified in Eaton Intelligent Power Protector (IPP), where an HTTP response header was set with an insecure attribute, potentially exposing users to web‑based attacks. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download centre.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N
Affected products
Eaton · IPP software

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf