5317 matches found

Positive Technologies
added 2026/02/27 12:0 a.m. | 5 views

PT-2026-22244

Name of the Vulnerable Software and Affected Versions: Systems utilizing WebSocket endpoints for the Open Charge Point Protocol (OCPP) (affected versions not specified)
Description: WebSocket endpoints lack proper authentication mechanisms, allowing unauthenticated attackers to connect and impersonate...

CVSS 9.8 | AI score 5.9 | EPSS 0.00531
Exploits: 0 | References: 11
CNNVD
added 2026/02/27 12:0 a.m. | 5 views

Chargemap Security Vulnerability

Chargemap is an electric vehicle service platform website operated by the French company Chargemap. Chargemap has a security vulnerability, which stems from the lack of an authentication request limit on the WebSocket API. This vulnerability could lead to denial-of-service attacks or brute-force...

CVSS 9.8 | AI score 5.8 | EPSS 0.00477
Exploits: 0 | References: 3
CNNVD
added 2026/02/27 12:0 a.m. | 5 views

Mobility46 Code Issue Vulnerability

Mobility46 is a digital management platform for electric vehicle charging developed by the Swedish company Mobility46. There are code-related vulnerabilities in Mobility46; these vulnerabilities stem from the WebSocket backend's use of predictable session identifiers, which may lead to session...

CVSS 9.8 | AI score 5.8 | EPSS 0.00304
Exploits: 0 | References: 3
CNNVD
added 2026/02/27 12:0 a.m. | 5 views

SWITCH EV Security Vulnerability

SWITCH EV is an electric vehicle charging facility management platform developed by the US company SWITCH. SWITCH EV has a security vulnerability, which stems from the lack of a limit on the number of authentication requests in the WebSocket application programming interface. This vulnerability...

CVSS 9.8 | AI score 5.8 | EPSS 0.00465
Exploits: 0 | References: 3
CNNVD
added 2026/02/27 12:0 a.m. | 8 views

EV2GO Access Control Error Vulnerability

EV2GO is an electric vehicle charging facility management platform developed by the Russian company EV2GO. EV2GO has an access control vulnerability, which stems from the lack of proper authentication mechanisms in WebSocket endpoints. This vulnerability could allow unauthorized attackers to perfor...

CVSS 9.8 | AI score 5.7 | EPSS 0.00557
Exploits: 0 | References: 3
Positive Technologies
added 2026/02/27 12:0 a.m. | 6 views

PT-2026-22265

Name of the Vulnerable Software and Affected Versions: WebSocket Application Programming Interface (affected versions not specified)
Description: The WebSocket Application Programming Interface does not limit the number of authentication requests. This lack of rate limiting could enable an attacker t...

CVSS 9.8 | AI score 5.9 | EPSS 0.00475
Exploits: 0 | References: 10
CNNVD
added 2026/02/27 12:0 a.m. | 4 views

EV Energy Access Control Error Vulnerability

EV Energy is an electric vehicle charging software platform operated by the British company EV Energy. EV Energy has a security vulnerability related to access control. This vulnerability stems from the lack of proper authentication mechanisms at WebSocket endpoints, which can lead to unauthorized...

CVSS 9.8 | AI score 5.7 | EPSS 0.00531
Exploits: 0 | References: 3
Positive Technologies
added 2026/02/27 12:0 a.m. | 6 views

PT-2026-22254

Name of the Vulnerable Software and Affected Versions: WebSocket Application Programming Interface (affected versions not specified)
Description: The WebSocket Application Programming Interface does not limit the number of authentication requests. This lack of rate limiting could enable an attacker t...

CVSS 9.8 | AI score 6 | EPSS 0.00487
Exploits: 0 | References: 8
CNNVD
added 2026/02/27 12:0 a.m. | 8 views

CloudCharge Access Control Error Vulnerability

CloudCharge is a website for electric vehicle charging management developed by the Swedish company CloudCharge. CloudCharge has a security vulnerability related to access control. This vulnerability stems from the lack of proper authentication mechanisms at WebSocket endpoints, which could allow...

CVSS 9.8 | AI score 5.8 | EPSS 0.00518
Exploits: 0 | References: 3
CNNVD
added 2026/02/27 12:0 a.m. | 5 views

EV Energy Code Issue Vulnerability

EV Energy is an electric vehicle charging software platform operated by the British company EV Energy. There are code vulnerabilities within EV Energy; these vulnerabilities stem from the WebSocket backend, which uses charging station identifiers to uniquely associate sessions but allows multiple...

CVSS 9.8 | AI score 5.9 | EPSS 0.00336
Exploits: 0 | References: 3
Positive Technologies
added 2026/02/27 12:0 a.m. | 6 views

PT-2026-22266

Name of the Vulnerable Software and Affected Versions: Systems utilizing WebSocket endpoints for the Open Charge Point Protocol (OCPP) (affected versions not specified)
Description: WebSocket endpoints lack proper authentication mechanisms, allowing attackers to perform unauthorized station impersonati...

CVSS 9.8 | AI score 6 | EPSS 0.00518
Exploits: 0 | References: 12
CNNVD
added 2026/02/27 12:0 a.m. | 7 views

EV2GO Code Issue Vulnerability

EV2GO is an electric vehicle charging facility management platform developed by the Russian company EV2GO. EV2GO has code-related vulnerabilities; these vulnerabilities stem from the predictable WebSocket backend session identifiers, which allow multiple endpoints to use the same session identifie...

CVSS 7.5 | AI score 5.8 | EPSS 0.00356
Exploits: 0 | References: 3
CNNVD
added 2026/02/27 12:0 a.m. | 6 views

Mobility46 Access Control Error Vulnerability

Mobility46 is a digital management platform for electric vehicle charging developed by the Swedish company Mobility46. There is an access control vulnerability in Mobility46; this vulnerability stems from the lack of proper authentication mechanisms in WebSocket endpoints, which may allow...

CVSS 9.8 | AI score 5.8 | EPSS 0.00518
Exploits: 0 | References: 3
CNNVD
added 2026/02/27 12:0 a.m. | 5 views

Mobility46 Security Vulnerability

Mobility46 is a digital management platform for electric vehicle charging developed by the Swedish company Mobility46. There is a security vulnerability in Mobility46, which stems from the lack of a limit on the number of authentication requests in the WebSocket application programming interface...

CVSS 9.8 | AI score 5.8 | EPSS 0.00475
Exploits: 0 | References: 3
Positive Technologies
added 2026/02/27 12:0 a.m. | 7 views

PT-2026-22241

Name of the Vulnerable Software and Affected Versions: WebSocket backend (affected versions not specified)
Description: The backend utilizes charging station identifiers to uniquely associate sessions but permits multiple endpoints to connect using the same session identifier. This results in...

CVSS 7.5 | AI score 5.9 | EPSS 0.00313
Exploits: 0 | References: 8
Vulnrichment
added 2026/02/26 11:59 p.m. | 0 views

CVE-2026-25113 SWITCH EV swtchenergy.com Improper Restriction of Excessive Authentication Attempts

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

CVSS 8.7 | AI score 6 | EPSS 0.00465
Exploits: 0 | References: 3
Cvelist
added 2026/02/26 11:59 p.m. | 17 views

CVE-2026-25113 SWITCH EV swtchenergy.com Improper Restriction of Excessive Authentication Attempts

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

CVSS 8.7 | EPSS 0.00465
Exploits: 0 | References: 3
ATTACKERKB
added 2026/02/26 11:59 p.m. | 2 views

CVE-2026-25113

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

CVSS 9.8 | AI score 5.8 | EPSS 0.00465
Exploits: 0 | References: 4
CVE
added 2026/02/26 11:59 p.m. | 12 views

CVE-2026-25113

CVE-2026-25113 is supported by concrete technical details in connected docs: the WebSocket API lacks rate limiting on authentication requests, enabling potential denial-of-service and brute-force attacks. The PT-2026-22240 report notes affected WebSocket API with no specific vulnerable versions l...

CVSS 9.8 | AI score 5.4 | EPSS 0.00465
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2026/02/26 11:57 p.m. | 22 views

CVE-2026-27767 SWITCH EV swtchenergy.com Missing Authentication for Critical Function

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

CVSS 9.4 | EPSS 0.00508
Exploits: 0 | References: 3