The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.
References
Configurations
No configuration.
History
25 Jun 2026, 22:17
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-06-25 22:17
Updated : 2026-06-26 20:21
NVD link : CVE-2026-54479
Mitre link : CVE-2026-54479
CVE.ORG link : CVE-2026-54479
JSON object : View
Products Affected
No product.
CWE
CWE-613
Insufficient Session Expiration
