Charging Station Sessions Can Be Hijacked via Predictable IDs
CVE-2026-27764
Summary
The charging station software identifies sessions by a value that can be easily guessed, allowing an attacker to take control of a legitimate user's session. An unauthorized user could pretend to be someone else or flood the system with fake requests, causing it to become unresponsive. Businesses using this software should update to a fix or change their session identification method to prevent this issue.
Original title
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in pre...
Original description
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.
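The displacement behaviour described above, next to one way a backend could refuse it, as an added example that is not the affected product's code. The class names, the per-station secret, the station ID `CS-0001` and the reject-and-log policy for duplicate connections are assumptions made for illustration.

```python
import hmac
import secrets


class LastWriterWinsRegistry:
    """Behaviour the advisory describes: the station ID alone keys the session."""

    def __init__(self):
        self.sessions = {}

    def connect(self, station_id, conn):
        self.sessions[station_id] = conn  # newest connection silently displaces the old
        return True

    def route(self, station_id):
        return self.sessions.get(station_id)


class BoundRegistry:
    """Hardened sketch: per-station credential, one live session, random session token."""

    def __init__(self, station_secrets):
        self.station_secrets = station_secrets  # station_id -> bytes (assumed provisioning)
        self.sessions = {}                      # station_id -> (conn, token)
        self.rejected = []                      # audit trail for detection

    def connect(self, station_id, secret, conn):
        expected = self.station_secrets.get(station_id)
        if expected is None or not hmac.compare_digest(expected, secret):
            self.rejected.append((station_id, conn, "bad-credential"))
            return None
        if station_id in self.sessions:
            # Assumed policy: keep the established session and alert, never displace it.
            self.rejected.append((station_id, conn, "duplicate-session"))
            return None
        token = secrets.token_urlsafe(32)  # unpredictable, unlike the station ID
        self.sessions[station_id] = (conn, token)
        return token

    def disconnect(self, station_id, token):
        live = self.sessions.get(station_id)
        if live and hmac.compare_digest(live[1], token):
            del self.sessions[station_id]
            return True
        return False

    def route(self, station_id):
        live = self.sessions.get(station_id)
        return live[0] if live else None
```

Entries in `rejected` with reason `duplicate-session` are the signal to alert on: a second connection presenting an identifier that already has a live session. A real deployment also needs an idle timeout so a station that dropped off the network can reconnect.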
nvd CVSS3.1
7.3
nvd CVSS4.0
6.9
Vulnerability type
CWE-613
Published: 6 Mar 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026