CVE-2026-22878 Mobility46 mobility46.se Insufficiently Protected Credentials

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

CVE-2026-27647 Mobility46 mobility46.se Insufficient Session Expiration

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

CVE-2026-26305 Mobility46 mobility46.se Improper Restriction of Excessive Authentication Attempts

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

CVE-2026-26305

CVE-2026-26305 concerns a WebSocket API that does not enforce a limit on authentication requests. Multiple sources (NVD, Red Hat, ENISA EUVD, CVE listing, vuln enrichment) describe the root cause as missing rate limiting, enabling potential denial-of-service by suppressing or misrouting charger t...

Mobility46 安全漏洞

Mobility46 is a digital management platform for electric vehicle charging developed by the Swedish company Mobility46. There is a security vulnerability in Mobility46, as the identity verification identifiers of charging stations can be accessed publicly through a web-based mapping platform...

Mobility46 访问控制错误漏洞

Mobility46 is a digital management platform for electric vehicle charging developed by the Swedish company Mobility46. There is an access control vulnerability in Mobility46; this vulnerability stems from the lack of proper authentication mechanisms in WebSocket endpoints, which may allow...

Mobility46 代码问题漏洞

Mobility46 is a digital management platform for electric vehicle charging developed by the Swedish company Mobility46. There are code-related vulnerabilities in Mobility46; these vulnerabilities stem from the WebSocket backend’s use of predictable session identifiers, which may lead to session...

Mobility46 安全漏洞

Mobility46 is a digital management platform for electric vehicle charging developed by the Swedish company Mobility46. There is a security vulnerability in Mobility46, which stems from the lack of a limit on the number of authentication requests in the WebSocket application programming interface...

Mobility46 mobility46.se

RISK EVALUATION Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...