PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-22099 EVbee CVE debrief

A HIGH severity vulnerability was found in a charging station by an Unknown Vendor. The charging station does not require authentication for Bluetooth commands, which can lead to sensitive information leakage, triggering reboots, or pushing a firmware update URL. This vulnerability has a CVSS score of 8.7 and is classified as HIGH severity. The affected product is a charging station, and the vulnerability class is related to authentication and authorization. The likely operational impact includes sensitive information leakage, triggering reboots, or pushing a firmware update URL.

Vendor
EVbee
Product
DC-80
CVSS
HIGH 8.7
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-13
Original CVE updated
2026-07-13
Advisory published
2026-07-13
Advisory updated
2026-07-13

Who should care

Organizations using the affected charging station should assess their exposure and take appropriate measures. This includes operators of charging stations, platform administrators, vulnerability management teams, and security teams. They should review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.

Technical summary

The charging station does not require authentication for Bluetooth commands to perform actions. The functionality exposed includes sensitive information leakage, triggering reboots, or pushing a firmware update URL. This vulnerability has a CVSS score of 8.7 and is classified as HIGH severity. The affected product is a charging station, and the vulnerability class is related to authentication and authorization.

Defensive priority

Immediate attention is recommended due to the high severity and potential impact of this vulnerability. Defenders should prioritize verifying the charging station's configuration and ensuring it is properly secured.

Recommended defensive actions

  • Verify the charging station's configuration and ensure it is properly secured.
  • Implement authentication for Bluetooth commands.
  • Monitor the charging station for suspicious activity.
  • Consider applying firmware updates if available.
  • Review compensating controls for exposed systems while remediation is scheduled and verified.

Evidence notes

The CVE record was published on 2026-07-13T10:16:27.523Z and has not been modified since then. The NVD entry is currently Received. There is limited information available about the affected product or its deployments. Defenders should verify the charging station's configuration and ensure it is properly secured. The CVE record does not provide specific details about the vendor or the affected product.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T10:16:27.523Z and has not been modified since then.