CVE-2026-22192
Voltronic Power SNMP Web Pro 1.1 Authentication Bypass via localStorage
CVSS Score
9.9
EPSS Score
0.0%
EPSS Percentile
3th
Voltronic Power SNMP Web Pro version 1.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to access privileged management functions by manipulating browser localStorage values. Attackers can modify client-side authentication state to bypass server-side access controls and gain unauthorized access to protected management functionality without valid credentials.
| CWE | CWE-306 |
| Vendor | voltronic power |
| Product | snmp web pro |
| Published | Mar 13, 2026 |
| Last Updated | Apr 22, 2026 |
Stay Ahead of the Next One
Get instant alerts for voltronic power snmp web pro
Be the first to know when new critical vulnerabilities affecting voltronic power snmp web pro are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
High
Availability
Low
Affected Versions
Voltronic Power / SNMP Web Pro
1.1
References
github.com: https://github.com/kmkz/Exploits/blob/master/2026/CVE-2026-22192-22199_Voltronic-Power_Preauth_root_RCE.txt boffsec-services.com: https://www.boffsec-services.com/posts/sicuroweb-cve-2026-22191/ voltronicpower.com: https://voltronicpower.com/ vulncheck.com: https://www.vulncheck.com/advisories/voltronic-power-snmp-web-pro-authentication-bypass-via-localstorage
Credits
Jean-Marie Bourbon of Bourbon Offensive Security Services VulnCheck