๐Ÿ” CVE Alert

CVE-2026-22102

UNKNOWN 0.0

Arbitrary file overwrite through certificate update functionality

CVSS Score
0.0
EPSS Score
0.4%
EPSS Percentile
35th

A POST request sent to a specific webserver endpoint can be used to write to arbitrary file locations. The endpoint accepts the filename parameter in the Content-Disposition header without verification. This can be used to cause a denial of service by overwriting system files, or remote-code-execution by overwriting shell-scripts which execution can be triggered through other means.

CWE CWE-20
Vendor evbee
Product dc-80
Published Jul 13, 2026
Last Updated Jul 13, 2026
Stay Ahead of the Next One

Get instant alerts for evbee dc-80

Be the first to know when new unknown vulnerabilities affecting evbee dc-80 are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

EVbee / DC-80
0 < 1.5.1

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
csirt.divd.nl: https://csirt.divd.nl/DIVD-2026-00001/

Credits

Wilco van Beijnum (ElaadNL) Jeroen van der Ham-de Vos (DIVD)