Description
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
Published: 2026-02-26
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Credential Exposure (Public access to authentication identifiers)
Action: Assess Impact
AI Analysis

Impact

The vulnerability allows unauthorized users to access charging station authentication identifiers that are publicly exposed through web-based mapping platforms. This exposes credentials needed to authenticate to charging stations, enabling attackers to potentially gain unauthorized access or impersonate legitimate users. The weakness is a lack of proper credential protection (CWE-522).

Affected Systems

The affected systems are the Chargemap platform hosted at chargemap.com and its public web mapping APIs. The specific product version is not disclosed; any deployment of this service that exposes authentication identifiers is vulnerable.

Risk and Exploitability

The CVSS score is 6.9, indicating a medium severity risk. The EPSS score is below 1%, suggesting low current exploitation probability, and the vulnerability is not listed in CISA's KEV catalog. Attackers could exploit this weakness remotely via the web interface without authenticating, retrieving credentials that could be reused to access or manipulate charging stations.

Generated by OpenCVE AI on April 16, 2026 at 15:52 UTC.

Remediation

Vendor Workaround

Chargemap did not respond to CISA's request for coordination. Contact Chargemap using their contact page here: https://chargemap.com/en-us/support for more information.


OpenCVE Recommended Actions

  • Contact Chargemap support to request immediate remediation of credential exposure.
  • Modify the platform configuration or APIs to remove public exposure of authentication identifiers.
  • Monitor system logs and user activity for signs of credential misuse or unauthorized sessions.
  • Implement network firewall rules to restrict access to credential endpoints to trusted IP ranges.

Advisories

No advisories yet.

History

Thu, 05 Mar 2026 20:00:00 +0000

Type Values Removed Values Added
Metrics cvssV4_0 {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N'}


Mon, 02 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 02 Mar 2026 18:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:chargemap:chargemap.com:*:*:*:*:*:*:*:*

Fri, 27 Feb 2026 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Chargemap; Chargemap chargemap.com
Vendors & Products Chargemap; Chargemap chargemap.com

Thu, 26 Feb 2026 23:30:00 +0000

Type Values Removed Values Added
Description Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
Title Chargemap chargemap.com Insufficiently Protected Credentials
Weaknesses CWE-522
References
Metrics cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-03-05T19:41:21.033Z

Reserved: 2026-02-20T18:28:15.485Z

Link: CVE-2026-20791

Vulnrichment

Updated: 2026-03-02T20:38:38.095Z

NVD

Status: Modified

Published: 2026-02-27T00:16:56.010

Modified: 2026-03-05T20:16:12.133

Link: CVE-2026-20791

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T16:00:13Z

Weaknesses
  • CWE-522: Insufficiently Protected Credentials