RCE in Evbee Dc-80
CVE-2026-22100
The OCPP DataTransfer message `ReserveLogin` is vulnerable to command injection. By manipulating the data value, arbitrary OS commands can be executed as root.
Vulnerability class: Command Injection (OS Command Injection)
Affected products
- Evbee Dc-80 — versions 0
Weakness classification (CWE)
References
- csirt@divd.nl (third-party-advisory)