CVE-2026-20748
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
2Description
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.
Analysis
WebSocket session management in charging station backends allows multiple connections using identical session identifiers, enabling attackers to hijack legitimate sessions and intercept commands or impersonate authorized stations. Unauthenticated remote attackers can exploit this predictable identifier scheme to displace active connections, redirect backend communications, or launch denial-of-service attacks against the charging infrastructure. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Isolate affected WebSocket endpoints from production if operationally feasible, or implement network-level access restrictions to trusted sources only. Within 7 days: Deploy compensating controls including WAF rules to detect and block duplicate session identifiers, implement session binding to client IP addresses, and enable comprehensive logging of all WebSocket connection attempts. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today