CVE-2026-22616 PUBLISHED

Assigner: Eaton
Reserved: 08.01.2026 Published: 16.04.2026 Updated: 16.04.2026

Eaton Intelligent Power Protector (IPP) software allows repeated authentication attempts against the web interface login page due to insufficient rate‑limiting controls. This security issue has been fixed in the latest version of Eaton IPP which is available on the Eaton download centre.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSS Score: 6.5

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	Low
Privileges Required	None	Integrity Impact	Low
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	Eaton
Product	IPP Software
Versions	Default: unaffected affected from 0 to 2.0 (excl.)

References

https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf

Problem Types

CWE-307 Improper restriction of excessive authentication attempts CWE