Cloudcharge.Se
CVE-2026-20733
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
AnalysisAI
Cloudcharge.Se charging stations expose authentication credentials through publicly accessible web-based mapping platforms, allowing unauthenticated attackers to discover and potentially intercept sensitive station identifiers. This exposure could enable unauthorized access to charging infrastructure or user accounts without requiring authentication bypass techniques. No patch is currently available for this vulnerability.
Technical ContextAI
Classified as CWE-522 (Insufficiently Protected Credentials). Affects Cloudcharge.Se. Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
More in Cloudcharge.Se
View allMissing WebSocket authentication in industrial/IoT device management allows unauthenticated attackers to perform station
Cloudcharge.Se's WebSocket API fails to implement authentication rate limiting, enabling attackers to launch denial-of-s
Session hijacking in Cloudcharge.Se's WebSocket backend allows remote attackers to impersonate legitimate charging stati
Same weakness CWE-522 – Insufficiently Protected Credentials
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today