CVE-2022-26269

MEDIUM

Suzuki Connect <1.0.15 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-26269. PoCs published by nsbogam.

AI-analyzed exploit summary This repository provides a detailed writeup for CVE-2022-26269, which involves spoofing CAN messages via the OBD-II port to manipulate fuel and seatbelt status data displayed in the Suzuki Connect app. The PoC outlines the steps to transmit crafted CAN messages to deceive the app into showing incorrect vehicle status.

Description

Suzuki Connect v1.0.15 allows attackers to tamper with displayed messages via spoofed CAN messages.

Exploits (1)

nomisec WRITEUP 2 stars
by nsbogam · poc
https://github.com/nsbogam/CVE-2022-26269

This repository provides a detailed writeup for CVE-2022-26269, which involves spoofing CAN messages via the OBD-II port to manipulate fuel and seatbelt status data displayed in the Suzuki Connect app. The PoC outlines the steps to transmit crafted CAN messages to deceive the app into showing incorrect vehicle status.

Classification
Writeup 100%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: Suzuki Connect app version 1.0.15
No auth needed
Prerequisites: Ignis Zeta variant (2019) · Suzuki Connect app version 1.0.15 · USB to CAN Hardware (OBD-II port) · Software to transmit CAN messages
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Vendor Advisory x_refsource_misc
https://www.marutisuzuki.com/
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/nsbogam/CVE-2022-26269/blob/main/README.md

Scores

CVSS v3 4.6
EPSS 0.0038
EPSS Percentile 30.0%
Attack Vector PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

Status published
Products (1)
globalsuzuki/suzuki_connect 1.0.15
Published Mar 29, 2022
Tracked Since Feb 18, 2026