CVE-2026-32663

Name of the Vulnerable Software and Affected Versions (affected versions not specified)

Description The WebSocket backend associates sessions using charging station identifiers, but permits multiple endpoints to connect with the same session identifier. This leads to predictable session identifiers, potentially enabling session hijacking or shadowing. A recent connection can displace a legitimate charging station, receiving backend commands intended for it. This could allow unauthorized authentication or a denial-of-service condition by overwhelming the backend with session requests.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.