Mobility46.Se
CVE-2026-22878
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
AnalysisAI
Mobility46.Se charging stations expose authentication credentials through publicly accessible web-based mapping platforms, allowing unauthenticated attackers to obtain sensitive authentication data. This disclosure could enable unauthorized access to charging infrastructure and associated user accounts. No patch is currently available to address this exposure.
Technical ContextAI
Classified as CWE-522 (Insufficiently Protected Credentials). Affects Mobility46.Se. Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
More in Mobility46.Se
View allMissing WebSocket authentication — sixth CVE in the industrial platform WebSocket family. Same pattern of unauthenticate
Mobility46.Se's WebSocket API fails to implement authentication rate limiting, enabling remote attackers to launch denia
Mobility46.Se's WebSocket implementation allows multiple connections to share predictable session identifiers, enabling
Same weakness CWE-522 – Insufficiently Protected Credentials
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today