← back
CVE-2026-22097

Missing firmware validation allows remote code execution

CVSS 9.3 CRITICALCWE-347
Vexday Risk Score
25Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.3EPSS KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
13 Jul 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The firmware update mechanism does not include cryptographic signature validation. This allows anyone with access to the firmware update capability to upload arbitrary files which can then lead to arbitrary code execution.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
Affected products
EVbee · DC-80