CVE-2026-27647
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
2Description
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.
Analysis
Mobility46.Se's WebSocket implementation allows multiple connections to share predictable session identifiers, enabling attackers to intercept and hijack active charging station sessions without authentication. An attacker can impersonate legitimate stations to execute arbitrary backend commands, intercept communications, or launch denial-of-service attacks by flooding the service with valid session requests. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all systems running affected WebSocket backends and isolate them from untrusted networks; enable enhanced logging on all WebSocket connections. Within 7 days: Implement network segmentation to restrict WebSocket endpoint access to authorized sources only; deploy WAF rules to detect and block suspicious multi-endpoint session reuse patterns. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today