Description
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
Published: 2026-02-27
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access via exposed authentication identifiers
Action: Contact vendor
AI Analysis

Impact

This vulnerability allows public access to charging station authentication identifiers through web‑based mapping platforms. Because authentication identifiers are exposed without sufficient protection, an attacker can read these credentials and potentially authenticate as the charging station, granting unauthorized control or disruption of service. The weakness aligns with CWE‑522, insufficiently protected credentials, which undermines confidentiality and integrity of the authentication data.

Affected Systems

The affected product is Mobility46 mobile charging stations provided by Mobility46 (mobility46.se). No specific product version information is provided in the advisory.

Risk and Exploitability

The CVSS score is 6.9, indicating a medium risk. The EPSS value is below 1%, suggesting that exploitation is unlikely but should not be ignored. The vulnerability is not yet listed in CISA's KEV catalog. An attacker who can access the public mapping interface can exploit the vulnerability; once credentials are acquired, the attacker can log into the charging station's control system. The lack of authorization controls and the public exposure of credentials are the primary risk factors.

Generated by OpenCVE AI on April 17, 2026 at 14:08 UTC.

Remediation

Vendor Workaround

Mobility46 did not respond to CISA's request for coordination. Contact Mobility46 using their contact page here: https://www.mobility46.se/en/contact-us for more information.


OpenCVE Recommended Actions

  • Contact Mobility46 via their official contact page for remediation guidance.
  • Restrict the public mapping interface so authentication identifiers are not disclosed; enforce HTTPS and backend access controls.
  • Enforce stronger authentication mechanisms, such as multi‑factor or token‑based authentication, for charging station access.

Advisories

No advisories yet.

History

Thu, 05 Mar 2026 20:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N'} |

Mon, 02 Mar 2026 20:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |

Mon, 02 Mar 2026 18:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | | cpe:2.3:a:mobility46:mobility46.se:*:*:*:*:*:*:*:* |

Fri, 27 Feb 2026 09:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Mobility46; Mobility46 mobility46.se |
| Vendors & Products | | Mobility46; Mobility46 mobility46.se |

Fri, 27 Feb 2026 01:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Charging station authentication identifiers are publicly accessible via web-based mapping platforms. |
| Title | | Mobility46 mobility46.se Insufficiently Protected Credentials |
| Weaknesses | | CWE-522 |
| References | | |
| Metrics | | cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'} |

MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-03-05T20:12:12.296Z

Reserved: 2026-02-24T00:35:18.435Z

Link: CVE-2026-22878

Vulnrichment

Updated: 2026-03-02T19:44:28.882Z

NVD

Status: Modified

Published: 2026-02-27T01:16:18.260

Modified: 2026-03-05T21:16:14.750

Link: CVE-2026-22878

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T14:15:21Z

Weaknesses
  • CWE-522: Insufficiently Protected Credentials