CVE-2026-22097
Received
Received - Intake
Firmware Update Missing Signature Validation Leading to Arbitrary Code Execution
Vulnerability report for CVE-2026-22097, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-13
Last updated on: 2026-07-13
Assigner: Dutch Institute for Vulnerability Disclosure
Description
Description
The firmware update mechanism does not include cryptographic signature validation. This allows anyone with access to the firmware update capability to upload arbitrary files which can then lead to arbitrary code execution.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-347 | The product does not verify, or incorrectly verifies, the cryptographic signature for data. |