4 matches found
CVE-2026-24731
CVE-2026-24731 affects EV2GO EV2GO ev2go.io: WebSocket endpoints lack authentication, allowing unauthenticated charging stations to impersonate a station and issue/receive OCPP commands to the backend. Root cause: missing authentication at the OCPP WebSocket endpoint enabling privilege escalation...
CVE-2026-22890
Technical details are not publicly available in the provided documents. Monitor for updates from the listed sources to determine affected products, root cause, impact, and remediation.
CVE-2026-25945
The CVE-2026-25945 issue concerns the WebSocket API, where there is no limit on authentication attempts. This vulnerability could allow an attacker to perform denial-of-service by suppressing or misrouting charger telemetry, or carry out brute-force attempts to gain unauthorized access. Connected...
CVE-2026-20895
The CVE-2026-20895 entry describes a vulnerability in the WebSocket backend used by EV2GO ev2go.io where session identifiers are used to bind sessions to charging stations but can be reused across multiple endpoints. This leads to predictable session identifiers and enables session hijacking or s...