🔐 CVE Alert

CVE-2026-22093

UNKNOWN 0.0

Adversary-in-the-Middle (AitM) attack vulnerability in EVbee Service app

CVSS Score
0.0
EPSS Score
0.2%
EPSS Percentile
10th

The EVbee Service Android app uses TLS encrypted communication (HTTPS), but does not validate the certificate provided by the server. This allows an attacker on the network path between the app and EVbee server to intercept and manipulate the communication between the app and server. The traffic is weakly encrypted using RC4 with a hardcoded key, which allows an attacker to gain access to the communication. Part of this communication involves access codes to charging stations. This issue affects EVbee Service: v1.4.101.00.

CWE CWE-295
Vendor evbee
Product evbee service
Published Jul 13, 2026
Last Updated Jul 13, 2026
Stay Ahead of the Next One

Get instant alerts for evbee evbee service

Be the first to know when new unknown vulnerabilities affecting evbee evbee service are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

EVbee / EVbee Service
0 < 1.4.7.10

References

NVD ↗ CVE.org ↗ EPSS Data ↗
csirt.divd.nl: https://csirt.divd.nl/DIVD-2026-00001/

Credits

Wilco van Beijnum (ElaadNL) Jeroen van der Ham-de Vos (DIVD)