{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-22616","assignerOrgId":"63703b7d-23e2-41ef-94b3-a3c6333f7759","state":"PUBLISHED","assignerShortName":"Eaton","dateReserved":"2026-01-08T04:55:11.728Z","datePublished":"2026-04-16T04:54:48.148Z","dateUpdated":"2026-04-16T13:30:12.024Z"},"containers":{"cna":{"providerMetadata":{"orgId":"63703b7d-23e2-41ef-94b3-a3c6333f7759","shortName":"Eaton","dateUpdated":"2026-04-16T04:54:48.148Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-307","description":"CWE-307 Improper restriction of excessive authentication attempts","type":"CWE"}]}],"affected":[{"vendor":"Eaton","product":"IPP Software","versions":[{"status":"affected","version":"0","lessThan":"2.0","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"Eaton Intelligent Power Protector (IPP) software allows repeated authentication attempts against the web interface login page due to insufficient rate‑limiting controls. This security issue has been fixed in the latest version of Eaton IPP which is available on the Eaton download centre.","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>Eaton&nbsp;<span>Intelligent Power Protector (IPP)</span><span>&nbsp;software</span><span>&nbsp;</span><span>allows repeated authentication attempts against the web interface login page due to insufficient rate‑limiting controls.&nbsp;</span><span>This security issue has been fixed in the latest version of Eaton IPP which is available on the Eaton download centre.</span></p>"}]}],"references":[{"url":"https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf"}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseSeverity":"MEDIUM","baseScore":6.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 1.0.1"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-04-16T13:23:56.166508Z","id":"CVE-2026-22616","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-04-16T13:30:12.024Z"}}]}}