PT-2026-33256 · Eaton · Intelligent Power Protector

Published

2026-04-16

Updated

2026-04-16

CVE-2026-22615

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Eaton Intelligent Power Protector (affected versions not specified)

Description Improper input validation in an XML component allows an attacker with administrative privileges and local system access to perform XML injection, which can lead to arbitrary command execution.

Recommendations Update to the latest version of Eaton IPP software available on the Eaton download centre.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2026-22615

Affected Products

Intelligent Power Protector

PT-2026-33256 · Eaton · Intelligent Power Protector

CVE-2026-22615

Weakness Enumeration

Related Identifiers

Affected Products

References · 4