Description
Voltronic Power SNMP Web Pro version 1.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to access privileged management functions by manipulating browser localStorage values. Attackers can modify client-side authentication state to bypass server-side access controls and gain unauthorized access to protected management functionality without valid credentials.
References (7)
Core 7
Core References
Third Party Advisory
https://www.vulncheck.com/advisories/wpdiscuz-before-stored-cross-site-scripting-via-malicious-options-import
Technical Description technical-description
https://github.com/kmkz/Exploits/blob/master/2026/CVE-2026-22192-22199_Voltronic-Power_Preauth_root_RCE.txt
Technical Description technical-description
https://www.boffsec-services.com/posts/sicuroweb-cve-2026-22191/
Product product
https://voltronicpower.com/
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/voltronic-power-snmp-web-pro-authentication-bypass-via-localstorage
Scores
CVSS v3
9.9
EPSS
0.0027
EPSS Percentile
18.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-306
Status
published
Products (4)
gVectors/wpDiscuz
< 7.6.47
gvectors/wpdiscuz
< 7.6.47
gVectors/wpDiscuz
7.6.47
Voltronic Power/SNMP Web Pro
1.1
Published
Mar 13, 2026
Tracked Since
Mar 14, 2026