CVE-2026-27772CRITICAL 9.8EPSS p40.6%

CVE-2026-27772CVE-2026-27772

Description

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then issue or receive OCPP commands as a legitimate charger. Given that no authentication is required, this can lead to privilege escalation, unauthorized control of charging infrastructure, and corruption of charging network data reported to the backend.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.53% probability of exploitation · percentile 40.6% · 2026-06-19T12:03:05Z
Published2026-02-27
Last modified2026-03-05

Underlying weaknesses· 1

CWE-306

References

  1. https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-07.json
  2. https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-07
  3. https://www.ev.energy/en-us

1

TypeTargetConfidenceTier
WeaknessMissing Authentication for Critical Functioncwe-3060%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-27767
CVE
CVE-2026-24731
CVE
CVE-2026-29796
CVE
CVE-2026-26288
CVE
CVE-2026-22552
CVE
CVE-2026-25851
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.