CVE Field Guide
About Us
CVE-2026-22095
PUBLISHED
Command injection in diagnosis web endpoint
Assigner:
DIVD
Reserved:
06.01.2026
Published:
13.07.2026
Updated:
13.07.2026
The network diagnosis endpoint on the web server at port 8090 is vulnerable to command injection.
Metrics
CVSS 4.0
CVSS Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score:
9.3
CVSS score
9.3
Exploitability Metrics
Vulnerable System Impact Metrics
Subsequent System Impact Metrics
Attack Vector
Network
Confidentiality
High
Confidentiality
None
Attack Complexity
Low
Integrity
High
Integrity
None
Attack Requirements
None
Availability
High
Availability
None
Privileges Required
None
User Interaction
None
CVSS 4.0
Product Status
Vendor
EVbee
Product
DC-80
Versions
Default:
unaffected
affected from 0 to 1.5.1 (excl.)
Credits
Wilco van Beijnum (ElaadNL)
finder
Jeroen van der Ham-de Vos (DIVD)
analyst
References
https://csirt.divd.nl/DIVD-2026-00001/
Problem Types
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE