CVE-2026-27767 in swtchenergyinfo

Zusammenfassung

von MITRE • 27.02.2026

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then issue or receive OCPP commands as a legitimate charger. Given that no authentication is required, this can lead to privilege escalation, unauthorized control of charging infrastructure, and corruption of charging network data reported to the backend.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

Icscert

Reservieren

24.02.2026

Veröffentlichung

27.02.2026

Moderieren

akzeptiert

Eintrag

VDB-348110

CPE

bereit

CWE

CWE-306 (bestätigt)

CVSS

9.8 (NVD)

EPSS

0.00197

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-27767
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-27767
CVE Details	https://www.cvedetails.com/cve/CVE-2026-27767/

◂ Zurück Übersicht Weiter ▸

Might our Artificial Intelligence support you?

Check our Alexa App!