CVE-2026-40702
CriticalCVSS 9.4Exploitation Probability (EPSS)
Low risk30th percentile — higher than 30% of all known CVEs
Summary
The vulnerability in WebSocket endpoints is due to the lack of proper authentication mechanisms, allowing attackers to impersonate charging stations. As a result, an attacker can gain unauthorized access to sensitive data or perform unauthorized actions.
Risk Assessment
The lack of authentication can lead to privilege escalation and potentially compromise the security of the entire system, enabling attackers to take control of charging stations and access critical data.
Recommendation
Implement authentication mechanisms for all WebSocket endpoints, such as using JWT tokens or client certificates, and regularly audit the configuration for correct implementation.
Original NVD description (English source)
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to impersonate charging stations. As a result, attackers can exploit this weakness to gain unauthorized access to sensitive data or perform unauthorized actions. Given that no authentication is required, this can lead to privilege escalation and potentially compromise the security of the entire system.

