CVE-2026-25114

CVE-2026-25114 affects the CloudCharge WebSocket API, described across multiple sources. The core issue is no rate limiting on authentication requests, enabling potential denial-of-service by suppressing/misrouting charger telemetry and brute-force attempts to gain access. Affected software versi...

CVE-2026-20781

CVE-2026-20781 concerns WebSocket endpoints used for Open Charge Point Protocol (OCPP) communications that lack proper authentication. The Red Hat, NVD, CVE listings describe an unauthenticated attacker who can connect to the OCPP WebSocket endpoint using a known or discovered charging-station id...

CVE-2026-27652

Summary: CVE-2026-27652 affects the CloudCharge WebSocket backend, where charging station identifiers are used to bind sessions but the system allows multiple endpoints to connect with the same session identifier. Root cause: implementation results in predictable session identifiers, enabling ses...

CVE-2026-20733

Technical details are not publicly provided in the supplied documents; they only reiterate that charging station authentication identifiers are publicly accessible via mapping platforms. Monitor for updates.