← back
CVE-2026-22192

Voltronic Power SNMP Web Pro 1.1 Authentication Bypass via localStorage

CVSS 8.8 HIGHEPSS 0.3%CWE-306
Voltronic Power SNMP Web Pro version 1.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to access privileged management functions by manipulating browser localStorage values. Attackers can modify client-side authentication state to bypass server-side access controls and gain unauthorized access to protected management functionality without valid credentials.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N
Affected products
Voltronic Power · SNMP Web Pro

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/kmkz/Exploits/blob/master/2026/CVE-2026-22192-22199_Voltronic-Power_Preauth_root_RCE.txthttps://voltronicpower.com/https://www.boffsec-services.com/posts/sicuroweb-cve-2026-22191/https://www.vulncheck.com/advisories/voltronic-power-snmp-web-pro-authentication-bypass-via-localstorage