CVE-2026-22617

Insecure Cookie Configuration in Eaton IPP Allows Network-Based Man-in-the-Middle Interception

Description

Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a network‑based attacker to intercept the cookie and exploit it through a man‑in‑the‑middle attack. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download centre.

INFO

Published Date :

2026-04-16T05:02:07.710Z

Last Modified :

2026-04-16T13:23:29.510Z

Source :

Eaton

AFFECTED PRODUCTS

The following products are affected by CVE-2026-22617 vulnerability.

Vendors	Products
Eaton	Ipp Software

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-22617.

URL	Resource
https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact