CVE-2026-22619
Insecure Library Loading in Eaton IPP Enables Code Execution
Publication date: 2026-04-16
Last updated on: 2026-04-22
Assigner: Eaton
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| eaton | intelligent_power_protector | to 2.00 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-427 | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in Eaton Intelligent Power Protector (IPP) is due to insecure library loading in its executable. This means that the software may load malicious or unintended libraries if an attacker has access to the software package, potentially allowing the attacker to execute arbitrary code on the affected system.
How can this vulnerability impact me? :
This vulnerability can lead to arbitrary code execution by an attacker with access to the software package. This means an attacker could potentially take control of the affected system, leading to severe consequences such as data theft, system disruption, or further compromise of the network.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability in Eaton Intelligent Power Protector (IPP) can be mitigated by updating to the latest version of the Eaton IPP software, which contains the fix for the insecure library loading issue.