CVE-2026-27652 in CloudCharge

Summary

by MITRE • 27/02/2026

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.


Responsible: Icscert

Reserved: 24/02/2026

Disclosure: 27/02/2026

Moderation: accepted

Entry: VDB-348140

CPE: ready

EPSS: 0.00052

KEV: no

Activities: very low
