Cyber Posture

CVE-2026-22619

High

Published: 16 April 2026

Modified: 22 April 2026
KEV Added
Patch
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0003 (7.1th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-22619 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Eaton Intelligent Power Protector. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique DLL Side-Loading (T1574.002). The CVE ranks at the 7.1th percentile by exploit likelihood (EPSS), which is below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-10 (Software Usage Restrictions).

Threat & Defense at a Glance

What attackers do: exploitation maps to DLL Side-Loading (T1574.002) and 1 other technique.

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent

Directly remediates the insecure library loading flaw by requiring timely installation of the vendor-fixed version of Eaton IPP software.

prevent, detect

Verifies the integrity of executables and libraries using cryptographic mechanisms or monitoring to prevent loading and execution of malicious libraries placed in insecure search paths.

prevent

Restricts execution to only authorized software via deny-all permit-by-exception policies, blocking malicious libraries from running even if loaded due to the vulnerable search path.

MITRE ATT&CK Enterprise Techniques [AI]

T1574.002 DLL Side-Loading (Stealth)
Adversaries may execute their own malicious payloads by side-loading DLLs.

T1038 DLL Search Order Hijacking (Persistence)
Windows systems use a common method to look for required DLLs to load into a program.

Why these techniques?

Insecure library loading (CWE-427) directly enables DLL side-loading/search order hijacking for arbitrary code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download center.

Deeper analysis [AI]

CVE-2026-22619 is a vulnerability in Eaton Intelligent Power Protector (IPP) software, stemming from insecure library loading (CWE-427) in its executable. This flaw could enable arbitrary code execution for an attacker with access to the software package. The issue carries a CVSS v3.1 base score of 7.8 (AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) and was published on 2026-04-16.

Exploitation requires local access (AV:L), low privileges (PR:L), and high attack complexity (AC:H), with no user interaction needed (UI:N). A successful attack changes scope (S:C) and results in high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H), allowing the attacker to execute arbitrary code on the affected system.

Eaton has fixed this issue in the latest version of IPP software, available on the Eaton download center. Additional details are provided in the vendor's security bulletin at https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf.

Details

CWE(s)

Affected Products

eaton intelligent power protector ≤ 2.00

CVEs Like This One

CVE-2026-22618 (Same product: Eaton Intelligent Power Protector)
CVE-2026-22615 (Same product: Eaton Intelligent Power Protector)
CVE-2026-22617 (Same product: Eaton Intelligent Power Protector)
CVE-2026-22616 (Same product: Eaton Intelligent Power Protector)
CVE-2024-9498 (Shared CWE-427)
CVE-2026-3091 (Shared CWE-427)
CVE-2024-9492 (Shared CWE-427)
CVE-2025-33229 (Shared CWE-427)
CVE-2026-21420 (Shared CWE-427)
CVE-2025-52541 (Shared CWE-427)
