CVE-2026-27652

Name of the Vulnerable Software and Affected Versions WebSocket backend (affected versions not specified)

Description The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This results in predictable session identifiers, enabling session hijacking or shadowing. A recent connection can displace the legitimate charging station and receive backend commands intended for it. This may allow unauthorized users to authenticate as others or cause a denial-of-service condition by overwhelming the backend with valid session requests. The vulnerability involves the use of session identifiers and affects the association of sessions with charging stations.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.