CVE Catalog

CVE-2026-40702

CriticalCVSS 9.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.38%

30th percentile — higher than 30% of all known CVEs

Summary

The vulnerability in WebSocket endpoints is due to the lack of proper authentication mechanisms, allowing attackers to impersonate charging stations. As a result, an attacker can gain unauthorized access to sensitive data or perform unauthorized actions.

Risk Assessment

The lack of authentication can lead to privilege escalation and potentially compromise the security of the entire system, enabling attackers to take control of charging stations and access critical data.

Recommendation

Implement authentication mechanisms for all WebSocket endpoints, such as using JWT tokens or client certificates, and regularly audit the configuration for correct implementation.

Original NVD description (English source)

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to impersonate charging stations. As a result, attackers can exploit this weakness to gain unauthorized access to sensitive data or perform unauthorized actions. Given that no authentication is required, this can lead to privilege escalation and potentially compromise the security of the entire system.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS