CVE-2026-22093
Adversary-in-the-Middle (AitM) attack vulnerability in EVbee Service app
CVSS Score
0.0
EPSS Score
0.2%
EPSS Percentile
10th
The EVbee Service Android app uses TLS encrypted communication (HTTPS), but does not validate the certificate provided by the server. This allows an attacker on the network path between the app and EVbee server to intercept and manipulate the communication between the app and server. The traffic is weakly encrypted using RC4 with a hardcoded key, which allows an attacker to gain access to the communication. Part of this communication involves access codes to charging stations. This issue affects EVbee Service: v1.4.101.00.
| CWE | CWE-295 |
| Vendor | evbee |
| Product | evbee service |
| Published | Jul 13, 2026 |
| Last Updated | Jul 13, 2026 |
Stay Ahead of the Next One
Get instant alerts for evbee evbee service
Be the first to know when new unknown vulnerabilities affecting evbee evbee service are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
EVbee / EVbee Service
0 < 1.4.7.10
Credits
Wilco van Beijnum (ElaadNL) Jeroen van der Ham-de Vos (DIVD)