CVE-2026-22885
CWE-125 · Published: February 20, 2026 · Updated: Feb 20, 2026
Official Description
A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and prior, which would allow remote attackers, in the LON IP-852 management messages, to send specially crafted IP-852 messages resulting in a memory leak from the program's memory.
Technical Analysis
CVE-2026-22885 is reachable remotely over the network, without physical or adjacent access, so any SmartServer IoT device whose LON IP-852 management interface is exposed to a network is within the attack surface.
Exploitation requires no privileges and no user interaction, which makes the flaw a candidate for automated exploitation campaigns and worm-like propagation. The weakness itself is an out-of-bounds read (CWE-125): a specially crafted IP-852 management message causes the service to disclose contents of its own process memory. On its own this is an information leak rather than code execution; the CISA advisory quoted below notes that, together with the command-injection flaw CVE-2026-20761 in the same product, successful exploitation could allow remote code execution and an ASLR bypass.
News & Research Mentioning CVE-2026-22885
From the CISA advisory (source: CISA Alerts):
Successful exploitation of these vulnerabilities could allow an attacker to remotely execute arbitrary code and bypass ASLR. The following versions of EnOcean SmartServer IoT are affected: SmartServer IoT <=4.60.009 (CVE-2026-20761, CVE-2026-22885).
CVSS v3: 8.1
Vendor: EnOcean Edge Inc
Equipment: EnOcean SmartServer IoT
Vulnerabilities: Improper Neutralization of Special Elements used in a Command ('Command Injection'), Out-of-bounds Read
Critical Infrastructure Sectors: Information Technology
Countries/Areas Deployed: Worldwide
Company Headquarters Location: United States
CVE-2026-20761: A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and prior, which would allow remote attacker
Recommended Actions
- Apply the vendor update for EnOcean SmartServer IoT; releases 4.60.009 and prior are affected.
- Monitor CVE-2026-22885 in threat intelligence feeds, alongside the related command-injection flaw CVE-2026-20761.
- Review IDS/IPS signatures for exploitation attempts against the LON IP-852 management interface, and restrict network exposure of that interface where possible.