PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-22100 EVbee CVE debrief

CVE-2026-22100 is a HIGH severity vulnerability in the OCPP DataTransfer message ReserveLogin. The vulnerability allows for command injection as root by manipulating the data value. The CVE record was published on 2026-07-13T10:16:27.670Z and has not been modified since then. Organizations using the affected OCPP implementation should prioritize patching this vulnerability to prevent potential command injection attacks. Affected product deployments need to be identified and verified for potential exposure. The ReserveLogin message in OCPP is used for login requests, and its manipulation could lead to command injection attacks. Evidence from the CVE record and NVD entry should be reviewed, and additional sources consulted to confirm the vulnerability's details.

Vendor
EVbee
Product
DC-80
CVSS
HIGH 8.6
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-13
Original CVE updated
2026-07-13
Advisory published
2026-07-13
Advisory updated
2026-07-13

Who should care

Organizations using the affected OCPP implementation should prioritize patching this vulnerability to prevent potential command injection attacks.

Technical summary

The OCPP DataTransfer message ReserveLogin is vulnerable to command injection. By manipulating the data value, arbitrary OS commands can be executed as root. This vulnerability has a CVSS score of 8.6 and a severity of HIGH. The vulnerability affects the OCPP implementation, and its exploitation could lead to command injection attacks. The CVE record and NVD entry provide limited information about the vulnerability, and further investigation is necessary to fully understand its scope and impact.

Defensive priority

High priority should be given to patching this vulnerability due to its HIGH severity and potential for command injection attacks. Organizations should verify and limit network exposure for the affected system and monitor for suspicious activity. Compensating controls should be implemented if patching is not feasible in the short term. Defensive measures should focus on restricting access to the affected OCPP implementation and enhancing monitoring capabilities to detect potential exploitation attempts. The vulnerability's impact on the system and potential entry points for attackers should be carefully assessed to prioritize mitigation efforts effectively. Additionally, security teams should review the system's configuration and ensure that it is properly secured against such attacks. Regular security audits and penetration testing can help identify and address potential vulnerabilities before they are exploited. By taking a proactive and layered approach to security, organizations can reduce the risk of successful attacks and minimize potential damage. It is also essential to stay informed about the latest security advisories and updates from the vendor to ensure that the system remains secure and up-to-date. Furthermore, organizations should consider implementing a vulnerability management program to identify, prioritize, and remediate vulnerabilities in a timely and effective manner. This program should include regular vulnerability assessments, patch management, and incident response planning to ensure that the organization is prepared to respond to potential security incidents. By prioritizing vulnerability management and taking a proactive approach to security, organizations can reduce the risk of successful attacks and protect their assets from potential harm. The CVE record and NVD entry provide limited information about the vulnerability, and further investigation is necessary to fully understand its scope and impact. Affected product deployments need to be identified and verified for potential exposure. The ReserveLogin message in OCPP is used for login requests, and its manipulation could lead to command injection attacks. Evidence from the CVE and N

Recommended defensive actions

  • Apply the vendor's official patch or mitigation
  • Verify and limit network exposure for the affected system
  • Monitor for suspicious activity and implement compensating controls if patching is not feasible

Evidence notes

The CVE record and NVD entry provide limited information about the vulnerability. Further investigation and verification are necessary to fully understand the scope and impact of this vulnerability. Affected product deployments need to be identified and verified for potential exposure. The ReserveLogin message in OCPP is used for login requests, and its manipulation could lead to command injection attacks. Evidence from the CVE record and NVD entry should be reviewed, and additional sources consulted to confirm the vulnerability's details.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T10:16:27.670Z and has not been modified since then.