{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22619", "assignerOrgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759", "state": "PUBLISHED", "assignerShortName": "Eaton", "dateReserved": "2026-01-08T04:55:11.730Z", "datePublished": "2026-04-16T05:26:48.952Z", "dateUpdated": "2026-04-16T12:59:37.700Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759", "shortName": "Eaton", "dateUpdated": "2026-04-16T05:26:48.952Z"}, "affected": [{"vendor": "Eaton", "product": "IPP software", "versions": [{"status": "affected", "version": "0", "lessThan": "2.0", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package.\u00a0This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download center.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<div>Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package.&nbsp;<span>This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download center.</span></div>"}]}], "references": [{"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-427", "lang": "en", "description": "CWE-427 Uncontrolled Search Path Element"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-16T12:59:18.272669Z", "id": "CVE-2026-22619", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T12:59:37.700Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22619", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-16T12:59:18.272669Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path Element"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T12:59:13.712Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Eaton", "product": "IPP software", "versions": [{"status": "affected", "version": "0", "lessThan": "2.0", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package.\u00a0This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download center.", "supportingMedia": [{"type": "text/html", "value": "<div>Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package.&nbsp;<span>This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download center.</span></div>", "base64": false}]}], "providerMetadata": {"orgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759", "shortName": "Eaton", "dateUpdated": "2026-04-16T05:26:48.952Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22619", "state": "PUBLISHED", "dateUpdated": "2026-04-16T12:59:37.700Z", "dateReserved": "2026-01-08T04:55:11.730Z", "assignerOrgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759", "datePublished": "2026-04-16T05:26:48.952Z", "assignerShortName": "Eaton"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eaton:intelligent_power_protector:*:*:*:*:*:*:*:*", "matchCriteriaId": "A49C293B-6544-427F-AE61-CF7D5FEC50D0", "versionEndExcluding": "2.00", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package.\u00a0This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download center."}], "id": "CVE-2026-22619", "lastModified": "2026-04-22T20:00:25.783", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.1, "impactScore": 6.0, "source": "CybersecurityCOE@eaton.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-16T06:16:10.413", "references": [{"source": "CybersecurityCOE@eaton.com", "tags": ["Vendor Advisory"], "url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf"}], "sourceIdentifier": "CybersecurityCOE@eaton.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "IPP software", "source": "cna", "vendor": "Eaton"}, "product": "ipp_software", "vendor": "eaton"}], "analysis": {"en": {"generated_at": "2026-04-17T09:22:35.081857+00:00", "value": {"mitigation_remediation": ["Upgrade the Eaton Intelligent Power Protector to the latest version available on the Eaton download center.", "Obtain the installer from the official Eaton download center to ensure authenticity.", "Continuously monitor Eaton advisories for future security updates."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The affected product is Eaton Intelligent Power Protector (IPP). Version information is not specified, but the issue affects releases prior to the latest update stated in the advisory and applies to all installations that run the vulnerable executable.", "description_and_impact": "The vulnerability arises from insecure library loading in the Eaton Intelligent Power Protector executable. The weakness aligns with CWE-427. An attacker who can influence the software package can cause the system to load an attacker\u2011supplied library, leading to arbitrary code execution within the IPP process.", "risk_and_exploitability": "The CVSS score of 7.8 points to a high severity. The probability of exploitation is very low, as indicated by the EPSS score of less than 1\u202f%. The vulnerability is not listed in the CISA KEV catalog. Likely attack scenarios involve the attacker having access to the software package or installation media, implying a local or supply\u2011chain vector. Once the vulnerable library is loaded, the attacker can execute code with the privileges of the IPP process, potentially gaining full control over the device."}}}}, "created": "2026-04-16T06:30:05.893379+00:00", "title": "Insecure Library Loading in Eaton Intelligent Power Protector Allows Code Execution", "updated": "2026-04-17T09:30:14.469525+00:00", "vendors": ["eaton", "eaton$PRODUCT$ipp_software"]}