6.9
Charging Station Identifiers Not Securely Used in WebSockets
CVE-2026-24912
Summary
A security issue in the WebSocket backend affects charging stations, allowing malicious users to impersonate others or overwhelm the system. This can lead to unauthorized access or denial-of-service. Update the backend to use more secure session management to prevent these risks.
Original title
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in pre...
Original description
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.
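The session-table pattern described above, next to a hardened form, as an added example that is not code from the affected product. The class, method names, station identifier "CS-0001" and per-station secret are hypothetical, and the sketch assumes each station has a provisioned credential the backend can check.

```python
import hmac
import secrets

class SessionRegistry:
    """Toy model of a backend's station-id -> WebSocket session table."""

    def __init__(self, station_keys):
        self.station_keys = station_keys  # station id -> provisioned secret (assumed)
        self.sessions = {}                # station id -> (connection, session token)

    def register_weak(self, station_id, conn):
        # Pattern from the description: the identifier alone names the session,
        # so the token is predictable and the newest connection wins.
        self.sessions[station_id] = (conn, station_id)
        return station_id

    def register_hardened(self, station_id, conn, presented_key):
        # Authenticate the station before touching the session table.
        expected = self.station_keys.get(station_id)
        if expected is None or not hmac.compare_digest(expected, presented_key):
            raise PermissionError("station credential rejected")
        # Session token is random, not derived from the station identifier.
        token = secrets.token_urlsafe(32)
        self.sessions[station_id] = (conn, token)
        return token

    def route_command(self, station_id):
        # Connection that would receive backend commands for this station.
        return self.sessions[station_id][0]

def demo():
    keys = {"CS-0001": b"constructed-demo-secret"}  # constructed sample data
    weak = SessionRegistry(keys)
    weak.register_weak("CS-0001", "legit-conn")
    weak.register_weak("CS-0001", "second-conn")  # accepted with no credential
    hardened = SessionRegistry(keys)
    token = hardened.register_hardened("CS-0001", "legit-conn", keys["CS-0001"])
    try:
        hardened.register_hardened("CS-0001", "second-conn", b"guess")
        rejected = False
    except PermissionError:
        rejected = True
    return weak.route_command("CS-0001"), hardened.route_command("CS-0001"), rejected, token

if __name__ == "__main__":
    print(demo())
```

Rejecting the connection before any session state is allocated also limits how much work an unauthenticated flood of registration attempts can force on the backend.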
nvd CVSS3.1
7.3
nvd CVSS4.0
6.9
Vulnerability type
CWE-613
Published: 6 Mar 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026