A vulnerability classified as critical was found in EVbee DC-80 up to 1.5.0. The affected element is the function Home of the file server of the component NPC start endpoint. Executing a manipulation of the argument command can lead to command injection.

The identification of this vulnerability is CVE-2026-22103. The attack may be launched remotely. There is no exploit available.