CVE-2026-27649

Name of the Vulnerable Software and Affected Versions Charging Station Backend (affected versions not specified)

Description The WebSocket backend uses charging station identifiers to associate sessions, but allows multiple endpoints to connect using the same session identifier. This results in predictable session identifiers, enabling session hijacking or shadowing. A recent connection can displace a legitimate charging station and receive backend commands intended for that station. This may allow unauthorized authentication or a denial-of-service condition by overwhelming the backend with valid session requests. The vulnerability involves the use of the same session identifier for multiple endpoints, potentially allowing a malicious actor to intercept and manipulate communication with charging stations.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.