CVE-2026-44383
Received
Received - Intake
Malicious OCPP Client Overload in Charging Station Backend
Vulnerability report for CVE-2026-44383, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-10
Last updated on: 2026-07-10
Assigner: ICS-CERT
Description
Description
Multiple connections to the backend using the same charging station ID
are allowed, which could allow an attacker to deploy multiple instances
of malicious OCPP clients to overwhelm the backend.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-613 | According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization." |