Command Injection Vulnerability in OCPP DataTransfer Message by OCPP Vendor
CVE-2026-22100
8.6HIGH
What is CVE-2026-22100?
The OCPP DataTransfer message 'ReserveLogin' is susceptible to a command injection flaw, which allows attackers to craft malicious data values. If exploited, this vulnerability enables the execution of arbitrary operating system commands with root privileges, potentially compromising the entire system. Organizations using OCPP DataTransfer should assess their implementations and consider applying necessary mitigations to safeguard against such attacks.
Affected Version(s)
DC-80 0 < 1.5.1
References
CVSS V4
Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Wilco van Beijnum (ElaadNL)
Jeroen van der Ham-de Vos (DIVD)
