CVE-2026-22100

The OCPP DataTransfer message `ReserveLogin` is vulnerable to command injection. By manipulating the data value, arbitrary OS commands can be executed as root.

Credits

Wilco van Beijnum (ElaadNL)
Jeroen van der Ham-de Vos (DIVD)

References