Description
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
Published: 2026-03-06
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Potential exposure of authentication identifiers, leading to credential leakage.
Action: Apply Workaround
AI Analysis

Impact

The vulnerability arises when authentication identifiers used by the Everon charging station are publicly accessible through web-based mapping platforms. This insufficient protection of credentials allows an attacker to obtain sensitive credential information, potentially facilitating unauthorized access or fraudulent activity. The weakness is classified under CWE-522, indicating a lack of secure storage and protection for authentication data.

Affected Systems

The affected system is Everon’s API platform (api.everon.io), with no specific product or version details provided; the issue is associated with the platform’s handling of authentication identifiers.

Risk and Exploitability

The CVSS score of 6.9 denotes a moderate severity, while the EPSS score of less than 1% indicates a very low probability of exploitation at present. The CVE is not listed in CISA’s KEV catalog, suggesting no known widespread exploitation. The likely attack vector is remote, involving publicly available web mapping services that expose sensitive authentication data. Because the platform was shut down on December 1, 2025, the immediate risk is mitigated, but the underlying exposure would remain if the system were reactivated without remediation.

Generated by OpenCVE AI on April 16, 2026 at 11:21 UTC.

Remediation

Vendor Workaround

Everon shut down their platform on December 1st, 2025.


OpenCVE Recommended Actions

  • Temporarily shut down the Everon API platform to prevent further credential exposure.
  • Remove or encrypt authentication identifiers so that they are no longer publicly accessible.
  • Implement robust access controls and secure credential storage mechanisms on the API to prevent future exposure.



Advisories

No advisories yet.

History

Tue, 10 Mar 2026 18:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 09 Mar 2026 10:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Everon; Everon api.everon.io
Vendors & Products | | Everon; Everon api.everon.io

Fri, 06 Mar 2026 15:30:00 +0000

Type | Values Removed | Values Added
Description | | Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
Title | | Everon api.everon.io Insufficiently Protected Credentials
Weaknesses | | CWE-522
References | |
Metrics | | cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}
Metrics | | cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-03-10T17:58:59.842Z

Reserved: 2026-02-25T15:28:27.146Z

Link: CVE-2026-27027

Vulnrichment

Updated: 2026-03-10T17:47:46.007Z

NVD

Status: Awaiting Analysis

Published: 2026-03-06T16:16:10.940

Modified: 2026-03-10T18:18:43.977

Link: CVE-2026-27027

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T11:30:15Z

Weaknesses