3 matches found
CVE-2026-25192
CVE-2026-25192 affects WebSocket endpoints (OCPP) used for charging stations, where no authentication is required. The Red Hat, EUVD, and NVD entries describe an unauthenticated attacker connecting to the OCPP WebSocket endpoint with a known or discovered charging station identifier and issuing o...
CVE-2026-31904
CVE-2026-31904 concerns the WebSocket API used by CTEK Chargeportal. The issue arises from a lack of rate limiting on authentication requests within the WebSocket interface, which could allow an attacker to perform denial-of-service attacks that suppress or mis-route charger telemetry, or execute...
CVE-2026-27649
Summary: CVE-2026-27649 describes a flaw in the WebSocket backend where charging-station session identifiers are not unique, allowing multiple endpoints to reuse the same session ID. This leads to predictable session identifiers and enables session hijacking or shadowing, where a newer connection...