CVE-2026-22618
Insecure HTTP Header in Eaton IPP Causes Web Attack Risk
Publication date: 2026-04-16
Last updated on: 2026-04-22
Assigner: Eaton
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| eaton | intelligent_power_protector | to 2.00 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-358 | The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a security misconfiguration in Eaton Intelligent Power Protector (IPP) where an HTTP response header was set with an insecure attribute. This misconfiguration could potentially expose users to web-based attacks.
How can this vulnerability impact me? :
The vulnerability can impact you by exposing users to web-based attacks due to the insecure HTTP response header attribute. This could lead to compromised integrity of information or unauthorized actions triggered through the web interface.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is fixed in the latest version of Eaton Intelligent Power Protector (IPP) software.
To mitigate this vulnerability, you should update your Eaton IPP software to the latest version available from the Eaton download centre.