CVE-2026-27772

Name of the Vulnerable Software and Affected Versions Systems utilizing WebSocket endpoints for the Open Charge Point Protocol (OCPP) (affected versions not specified)

Description WebSocket endpoints lack proper authentication mechanisms, allowing unauthenticated attackers to connect and impersonate legitimate charging stations. This enables attackers to issue or receive OCPP commands, potentially leading to privilege escalation, unauthorized control of charging infrastructure, and corruption of charging network data reported to the backend. An attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier. The vulnerability allows manipulation of data sent to the backend.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.