What is CVE-2026-22617?

CVE-2026-22617 is a medium-severity vulnerability in Eaton Ipp Software, classified under Sensitive Cookie in HTTPS Session Without 'Secure' Attribute. CVSS score: 5.7/10. Published 2026-04-16.

How severe is CVE-2026-22617?

Medium severity. CVSS v3 base score is 5.7 out of 10.

Vulnerability in Eaton Ipp Software

CVE-2026-22617

Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a network‑based attacker to intercept the cookie and exploit it through a man‑in‑the‑middle attack. This security issue has been fixed in the…

EPSS: 0.000 (0.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.7 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N.

Affected products

Eaton Ipp Software — versions 0

Weakness classification (CWE)

CWE-614 — Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

References

www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bu…

Frequently asked questions

What is CVE-2026-22617?: CVE-2026-22617 is a medium-severity vulnerability in Eaton Ipp Software, classified under Sensitive Cookie in HTTPS Session Without 'Secure' Attribute. CVSS score: 5.7/10. Published 2026-04-16.
How severe is CVE-2026-22617?: Medium severity. CVSS v3 base score is 5.7 out of 10.