CVE-2026-26051
Analyzed Analyzed - Analysis Complete
Unauthorized Access via Unauthenticated OCPP WebSocket Endpoint

Publication date: 2026-03-06

Last updated on: 2026-05-05

Assigner: ICS-CERT

Description
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then issue or receive OCPP commands as a legitimate charger. Given that no authentication is required, this can lead to privilege escalation, unauthorized control of charging infrastructure, and corruption of charging network data reported to the backend.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-06
Last Modified
2026-05-05
Generated
2026-05-07
AI Q&A
2026-03-06
EPSS Evaluated
2026-05-05
NVD
CVE-2026-26051
EUVD
EUVD-2026-10034
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mvm mobiliti_e-mobi.hu *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability involves WebSocket endpoints used by Mobiliti charging stations that lack proper authentication mechanisms.

An attacker who is not authenticated can connect to the Open Charge Point Protocol (OCPP) WebSocket endpoint by using a known or discovered charging station identifier.

Once connected, the attacker can issue or receive OCPP commands as if they were a legitimate charging station, enabling unauthorized station impersonation.

This can lead to privilege escalation, unauthorized control of the charging infrastructure, and corruption of the charging network data reported to the backend.


How can this vulnerability impact me? :

The vulnerability can have serious impacts including unauthorized administrative control over charging stations.

An attacker can manipulate the charging infrastructure, potentially causing disruption or misuse of the charging network.

It can also lead to corruption of charging network data reported to the backend, affecting data integrity.

Because no authentication is required, attackers can escalate privileges and control the system remotely without user interaction.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, it is recommended to minimize network exposure of control system devices and isolate control system networks behind firewalls.

Use secure remote access methods such as VPNs, while being aware of potential VPN vulnerabilities.

Perform proper impact analysis and risk assessment before deploying any mitigations.

Refer to additional guidance and best practices for industrial control systems cybersecurity available on the CISA ICS webpage.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart