File Write Vulnerability in Web Server and Endpoint Management by Vendor
CVE-2026-22102

9.3CRITICAL

Key Information:

Vendor

Evbee

Status
Vendor
CVE Published:
13 July 2026

What is CVE-2026-22102?

A vulnerability exists in the web server endpoint that allows an attacker to use a POST request to write files to arbitrary locations. The issue arises because the filename parameter within the Content-Disposition header is not properly validated, enabling potential denial of service by overwriting essential system files or facilitating remote code execution through the manipulation of executable scripts. This poses significant risks to system integrity and confidentiality, making it imperative for organizations to apply appropriate security measures.

Affected Version(s)

DC-80 0 < 1.5.1

References

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Wilco van Beijnum (ElaadNL)
Jeroen van der Ham-de Vos (DIVD)
.