CVE-2026-24912

Name of the Vulnerable Software and Affected Versions Versions (affected versions not specified)

Description The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This results in predictable session identifiers, enabling session hijacking or shadowing where a recent connection can displace a legitimate charging station and receive intended backend commands. This may allow unauthorized user authentication or a denial-of-service condition by overwhelming the backend with valid session requests.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.