CVE-2026-22192

EUVD-2026-11743
Voltronic Power SNMP Web Pro version 1.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to access privileged management functions by manipulating browser localStorage values. Attackers can modify client-side authentication state to bypass server-side access controls and gain unauthorized access to protected management functionality without valid credentials.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.9 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
gvectorswpdiscuz
𝑥
< 7.6.47
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/kmkz/Exploits/blob/master/2026/CVE-2026-22192-22199_Voltronic-Power_Preauth_root_RCE.txt
https://voltronicpower.com/
https://www.boffsec-services.com/posts/sicuroweb-cve-2026-22191/
https://www.vulncheck.com/advisories/voltronic-power-snmp-web-pro-authentication-bypass-via-localstorage