Description
The WebSocket backend uses charging station identifiers to uniquely
associate sessions but allows multiple endpoints to connect using the
same session identifier. This implementation results in predictable
session identifiers and enables session hijacking or shadowing, where
the most recent connection displaces the legitimate charging station and
receives backend commands intended for that station. This vulnerability
may allow unauthorized users to authenticate as other users or enable a
malicious actor to cause a denial-of-service condition by overwhelming
the backend with valid session requests.
Published: 2026-02-26
Score: 6.9 Medium (CVSS v4.0; the CVSS v3.1 vector scores 7.3 High)
EPSS: < 1% Very Low
KEV: No
Impact: Session Hijacking and Denial of Service
Action: Contact Vendor
AI Analysis

Impact

The WebSocket backend of CloudCharge's cloudcharge.se platform uses the charging station identifier as the session identifier and accepts a second connection for the same identifier without invalidating the first. Because station identifiers are predictable, an attacker who connects with a victim station's identifier displaces the legitimate station and receives the backend commands intended for it (session hijacking or shadowing), effectively authenticating as that station. The same behaviour supports denial of service: a flood of connections carrying valid station identifiers overwhelms the backend and repeatedly knocks real stations off their sessions.

Affected Systems

The vulnerability affects CloudCharge's cloudcharge.se application. The CPE entry carries a wildcard version and no affected version range has been published, so treat every release as affected until the vendor states otherwise.

Risk and Exploitability

The CVSS v4.0 score of 6.9 (Medium) and the CVSS v3.1 score of 7.3 (High) both describe a network-reachable flaw that needs no privileges or user interaction and has limited impact on each of confidentiality, integrity and availability. The EPSS score below 1% indicates a low likelihood of exploitation at present, the CVE is not in the CISA KEV catalog, and the SSVC assessment records Exploitation: none while rating the issue Automatable: yes. An attacker needs only network reachability to the WebSocket endpoint and a target station's identifier: opening a connection with that identifier displaces the station and delivers the backend's commands for it to the attacker, and opening many connections with valid identifiers degrades availability for every station the backend serves.

Generated by OpenCVE AI on April 16, 2026 at 06:01 UTC.
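
The registry behaviour described above, as an added Python model that is not CloudCharge's code: a backend that keys live sessions purely by station identifier (last connection wins) beside a hardened registry that verifies a per-station secret at the WebSocket upgrade, refuses a second live session for an identifier that already has one, and routes commands by an unguessable per-session token. The station identifier, peer addresses, secret and command name are constructed for the example; the per-station secret is an assumed control, not something the advisory says the product has.

```python
"""Added model of the CVE-2026-27652 session-handling flaw (not CloudCharge code).

A backend that keys live WebSocket sessions purely by charging station id
lets the most recent connection displace the real station; the hardened
registry authenticates each station at the upgrade, refuses a second live
session for the same id and routes commands by a random per-session token.
"""
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Conn:
    """Stand-in for an accepted WebSocket connection."""
    peer: str                                  # client source address (constructed)
    inbox: list = field(default_factory=list)


class VulnerableBackend:
    """Last-writer-wins: whoever connected most recently owns the station id."""

    def __init__(self):
        self.sessions = {}                     # station_id -> Conn

    def connect(self, station_id, conn):
        self.sessions[station_id] = conn       # silently displaces an existing session
        return True

    def send_command(self, station_id, command):
        conn = self.sessions[station_id]
        conn.inbox.append(command)
        return conn.peer                       # who actually received the command


class HardenedBackend:
    """Per-station secret verified before any session exists; duplicates refused."""

    def __init__(self, station_secrets):
        self.station_secrets = station_secrets  # station_id -> shared secret (assumed control)
        self.token_by_station = {}              # station_id -> session token
        self.conn_by_token = {}                 # session token -> Conn

    def connect(self, station_id, presented_secret, conn):
        expected = self.station_secrets.get(station_id)
        if expected is None or not hmac.compare_digest(expected, presented_secret):
            return None                         # unauthenticated: no session is created
        if station_id in self.token_by_station:
            return None                         # a live session exists: refuse shadowing
        token = secrets.token_urlsafe(32)       # unguessable; never the station id itself
        self.token_by_station[station_id] = token
        self.conn_by_token[token] = conn
        return token

    def disconnect(self, token):
        """Only the holder of the session token (or a server-side timeout) can end a session."""
        if self.conn_by_token.pop(token, None) is None:
            return False
        for sid, t in list(self.token_by_station.items()):
            if t == token:
                del self.token_by_station[sid]
        return True

    def send_command(self, station_id, command):
        conn = self.conn_by_token[self.token_by_station[station_id]]
        conn.inbox.append(command)
        return conn.peer


def demo():
    """Replays the attack against both registries; returns who received the command."""
    station = "CS-1042"                         # constructed station identifier
    legit = Conn(peer="203.0.113.10")           # constructed legitimate station address
    attacker = Conn(peer="198.51.100.7")        # constructed attacker address

    vuln = VulnerableBackend()
    vuln.connect(station, legit)
    vuln.connect(station, attacker)             # same id: displaces the real station
    vuln_receiver = vuln.send_command(station, "StartCharging")

    hard = HardenedBackend({station: "s3cr3t-per-station"})   # constructed secret
    legit_token = hard.connect(station, "s3cr3t-per-station", legit)
    duplicate = hard.connect(station, "s3cr3t-per-station", attacker)  # refused: session live
    bad_secret = hard.connect(station, "wrong-secret", attacker)        # refused: bad secret
    hard_receiver = hard.send_command(station, "StartCharging")
    return {
        "vulnerable_receiver": vuln_receiver,
        "hardened_receiver": hard_receiver,
        "hardened_refused_duplicate": duplicate is None,
        "hardened_refused_bad_secret": bad_secret is None,
        "legit_token_issued": legit_token is not None,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Refusing a duplicate live session is what closes the shadowing path, but it only works if stale sessions actually expire: a station that reconnects after a network drop must not be locked out by its own dead session, so the server side also needs a heartbeat or idle timeout that calls the equivalent of disconnect() on the old token. That pairing of duplicate rejection with reliable expiration is the CWE-613 point the advisory title refers to.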

Remediation

Vendor Workaround

CloudCharge did not respond to CISA's request for coordination. For more information, contact CloudCharge through their contact page: https://cloudcharge.tech/support/contact/


OpenCVE Recommended Actions

  • Contact CloudCharge support to request a fix for the improper session handling
  • Restrict WebSocket access to trusted IP ranges with network segmentation or firewall rules where station uplinks have stable addresses; where stations connect over cellular or otherwise changing addresses this is impractical, so also require per-station credentials at the WebSocket upgrade rather than relying on the station identifier alone
  • Monitor WebSocket connection logs for a station identifier that connects from a second source while its session is still live, and for bursts of connections from a single source; raise alerts on both
  • Plan to patch or upgrade as soon as the vendor releases a version with proper session expiration and handling of duplicate connections

Generated by OpenCVE AI on April 16, 2026 at 06:01 UTC.
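
The monitoring recommended above, as an added Python example that is not OpenCVE's or CloudCharge's code: it parses WebSocket connection log lines in an assumed format (timestamp, CONNECT or DISCONNECT, station identifier, source address), flags a CONNECT for a station whose session is still open from a different source (shadowing), and flags any source that exceeds a connection-rate threshold within a sliding window (flood). The log format, addresses, station identifiers and thresholds are constructed for the example.

```python
"""Added detection example for CVE-2026-27652-style session shadowing (not product code).

Assumed log format (constructed for this example):
    <ISO-8601 timestamp> CONNECT|DISCONNECT station=<id> src=<address>
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>CONNECT|DISCONNECT) station=(?P<station>\S+) src=(?P<src>\S+)$"
)


def parse(line):
    """Returns (timestamp, event, station, src) or None for lines not in the assumed format."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    return ts, m["event"], m["station"], m["src"]


def detect(lines, flood_threshold=20, window=timedelta(seconds=60)):
    """Walks the log in order and returns a list of alert dicts.

    shadowing: a CONNECT for a station whose session is still open from another source.
    flood:     one source reaching flood_threshold CONNECTs inside the sliding window
               (emitted once, as the threshold is crossed).
    """
    open_sessions = {}               # station -> src currently holding the session
    recent = defaultdict(deque)      # src -> timestamps of recent CONNECTs
    alerts = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, event, station, src = rec
        if event == "DISCONNECT":
            if open_sessions.get(station) == src:
                del open_sessions[station]   # only the session holder can close it
            continue
        prev = open_sessions.get(station)
        if prev is not None and prev != src:
            alerts.append({"type": "shadowing", "station": station,
                           "prev_src": prev, "src": src, "at": ts})
        open_sessions[station] = src         # mirror the last-writer-wins backend
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) == flood_threshold:
            alerts.append({"type": "flood", "src": src, "connects": len(q), "at": ts})
    return alerts


# Constructed sample: one legitimate station gets shadowed, then the same source
# opens sessions for 25 further station identifiers within 30 seconds.
SAMPLE_LOG = [
    "2026-02-26T10:00:01Z CONNECT station=CS-1042 src=203.0.113.10",
    "2026-02-26T10:00:03Z CONNECT station=CS-2210 src=203.0.113.11",
    "2026-02-26T10:00:05Z CONNECT station=CS-1042 src=198.51.100.7",
] + [
    f"2026-02-26T10:00:{10 + i:02d}Z CONNECT station=CS-{3000 + i} src=198.51.100.7"
    for i in range(25)
]


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

A genuine reconnect from the same source after a DISCONNECT produces no alert, and a station whose uplink address legitimately changes will produce a shadowing alert; tune the check by source network rather than exact address if stations roam, and set the flood threshold from the normal reconnect rate observed for your fleet.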


Advisories

No advisories yet.

History

Thu, 05 Mar 2026 21:00:00 +0000

Type: Metrics
Values added: cvssV4_0 {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}


Tue, 03 Mar 2026 06:15:00 +0000

Type: Metrics
Values added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 02 Mar 2026 18:30:00 +0000

Type: CPEs
Values added: cpe:2.3:a:cloudcharge:cloudcharge.se:*:*:*:*:*:*:*:*

Fri, 27 Feb 2026 09:15:00 +0000

Type: First Time appeared
Values added: Cloudcharge; Cloudcharge cloudcharge.se
Type: Vendors & Products
Values added: Cloudcharge; Cloudcharge cloudcharge.se

Fri, 27 Feb 2026 00:00:00 +0000

Type: Description
Values added: The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.
Type: Title
Values added: CloudCharge cloudcharge.se Insufficient Session Expiration
Type: Weaknesses
Values added: CWE-613
Type: References
Values added: (none)
Type: Metrics
Values added: cvssV3_1 {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-03-31T14:18:01.596Z

Reserved: 2026-02-24T00:00:40.014Z

Link: CVE-2026-27652

Vulnrichment

Updated: 2026-03-03T01:35:22.898Z

NVD

Status : Modified

Published: 2026-02-27T00:16:57.900

Modified: 2026-03-05T21:16:17.790

Link: CVE-2026-27652

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T06:15:26Z

Weaknesses