Ev2go.Io
CVE-2026-22890
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
AnalysisAI
Ev2go.Io charging stations expose authentication credentials through publicly accessible web-based mapping platforms, allowing unauthenticated remote attackers to obtain sensitive identification data. This exposure could enable unauthorized access to charging infrastructure or facilitate further attacks against connected systems. No patch is currently available for this vulnerability.
Technical ContextAI
Classified as CWE-522 (Insufficiently Protected Credentials). Affects Ev2Go.Io. Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Missing WebSocket authentication vulnerability identical to CVE-2026-20781. Unauthenticated attackers can perform statio
Ev2go.Io's WebSocket API lacks authentication rate limiting, enabling attackers to launch denial-of-service attacks that
Session hijacking in Ev2go.Io's WebSocket backend allows remote attackers to impersonate legitimate charging stations an
Same weakness CWE-522 – Insufficiently Protected Credentials
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today