CVE-2026-22192

9.9 CRITICAL
Published: March 13, 2026 Modified: April 22, 2026
View on NVD

Description

Voltronic Power SNMP Web Pro version 1.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to access privileged management functions by manipulating browser localStorage values. Attackers can modify client-side authentication state to bypass server-side access controls and gain unauthorized access to protected management functionality without valid credentials.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/kmkz/Exploits/blob/master/2026/CVE-2026-22192-22199_Voltronic-Power_Preauth_root_RCE.txt
Source: disclosure@vulncheck.com
https://voltronicpower.com/
Source: disclosure@vulncheck.com
https://www.boffsec-services.com/posts/sicuroweb-cve-2026-22191/
Source: disclosure@vulncheck.com
https://www.vulncheck.com/advisories/voltronic-power-snmp-web-pro-authentication-bypass-via-localstorage
Source: disclosure@vulncheck.com

4 reference(s) from NVD

Quick Stats

CVSS v3 Score
9.9 / 10.0
EPSS (Exploit Probability)
0.0%
3th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-306

Affected Vendors

gvectors

Related CVEs

CVE-2026-4049 N/A
CVE-2026-41455 8.5
CVE-2026-41454 8.3
CVE-2026-41314 N/A
CVE-2026-41313 N/A