EUVD-2026-10034

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

ePower 访问控制错误漏洞

ePower is a electric vehicle charging station system owned by the Irish company ePower. ePower has a security access control vulnerability, which stems from the lack of an authentication mechanism in WebSocket endpoints. This vulnerability could allow unverified attackers to perform unauthorized...

PT-2026-23714

Name of the Vulnerable Software and Affected Versions OCPP affected versions not specified Description The WebSocket endpoints do not have sufficient authentication, allowing attackers to impersonate charging stations and manipulate data transmitted to the backend. An unauthenticated attacker can...

Mobiliti 访问控制错误漏洞

Mobiliti is an electric vehicle charging station system developed by the Hungarian company Mobiliti. Mobiliti has a security access control vulnerability, which stems from the lack of proper authentication mechanisms for WebSocket endpoints. This vulnerability could allow unauthorized sites to...

CVE-2026-24731

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

EV2GO 访问控制错误漏洞

EV2GO is a electric vehicle charging facility management platform developed by the Russian company EV2GO. EV2GO has a access control vulnerability, which stems from the lack of proper authentication mechanisms in WebSocket endpoints. This vulnerability could allow unauthorized attackers to perfor...

CVE-2026-27767 SWITCH EV swtchenergy.com Missing Authentication for Critical Function

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

CVE-2026-27767

The CVE-2026-27767 issue concerns WebSocket endpoints used for Open Charge Point Protocol (OCPP) in charging-station infrastructure. The underlying vulnerability is lack of authentication on these endpoints, allowing an unauthenticated attacker to connect with a known or discovered charging-stati...

CVE-2026-20781

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...