Chargemap.Com
CVE-2026-20791
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
AnalysisAI
Chargemap.Com exposes charging station authentication credentials through publicly accessible web-based mapping interfaces, allowing unauthenticated attackers to obtain sensitive authentication data. This vulnerability enables attackers to potentially access or manipulate charging station services, affecting users and operators who rely on the platform. No patch is currently available to remediate this exposure.
Technical ContextAI
Classified as CWE-522 (Insufficiently Protected Credentials). Affects Chargemap.Com. Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
More in Chargemap.Com
View allMissing WebSocket authentication vulnerability — same family as CVE-2026-20781 and CVE-2026-24731. Unauthenticated acces
Chargemap.Com's WebSocket API lacks authentication rate limiting, enabling attackers to launch denial-of-service attacks
Chargemap.Com's WebSocket backend accepts multiple connections with identical session identifiers, allowing attackers to
Same weakness CWE-522 – Insufficiently Protected Credentials
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today