CVE-2026-27652 in CloudCharge

Summary

According to MITRE • 27/02/2026

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.
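The session handling described in the summary, next to a hardened sketch, as an added example (not code from the vendor, MITRE or VulDB). The class names, the per-station key and the HMAC challenge are assumptions chosen for illustration; the page does not describe the actual fix.

```python
import hashlib
import hmac
import secrets

def prove(key: bytes, nonce: bytes, station_id: str) -> bytes:
    """Station side: HMAC over the server nonce and its own ID."""
    return hmac.new(key, nonce + station_id.encode(), hashlib.sha256).digest()

class ShadowableRegistry:
    """Behaviour described in the summary: the station ID alone keys the
    session, and the most recent connection displaces the previous one."""
    def __init__(self):
        self.sessions = {}
    def connect(self, station_id, conn):
        self.sessions[station_id] = conn  # last writer wins, no proof of identity
        return True
    def route(self, station_id):
        return self.sessions.get(station_id)

class BoundRegistry:
    """Hardened sketch: a session is bound to proof of a per-station key."""
    def __init__(self, station_keys):
        self.keys = station_keys   # station_id -> secret (assumed provisioned out of band)
        self.pending = set()       # nonces issued but not yet used
        self.sessions = {}         # station_id -> (conn, random session token)
        self.alerts = []           # events for the detection pipeline
    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce
    def connect(self, station_id, conn, nonce, proof):
        key = self.keys.get(station_id)
        fresh = nonce in self.pending
        self.pending.discard(nonce)  # single use, so a captured proof cannot be replayed
        if key is None or not fresh or not hmac.compare_digest(
                prove(key, nonce, station_id), proof):
            self.alerts.append(("rejected", station_id, conn))
            return None              # existing session is left untouched
        if station_id in self.sessions:
            self.alerts.append(("reconnect", station_id, conn))
        token = secrets.token_urlsafe(32)  # unpredictable, unlike the station ID
        self.sessions[station_id] = (conn, token)
        return token
    def route(self, station_id):
        entry = self.sessions.get(station_id)
        return entry[0] if entry else None
```

Connection attempts that fail the proof land in `alerts` without disturbing the live session, which gives a detection signal for shadowing attempts; rate limiting of connection attempts is a separate control and is not shown.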


Responsible

Icscert

Reserved

24/02/2026

Disclosure

27/02/2026

Moderation

Accepted

Entry

VDB-348140

EPSS

0.00052

KEV

No

Activities

Very low

Sources
