CVE-2026-20733 is classified under CWE-522, indicating insufficient protection of credentials. The vulnerability affects all versions of CloudCharge's cloudcharge.se platform, which manages authentication identifiers for EV charging stations. These identifiers are exposed publicly through web-based mapping platforms, allowing anyone to access them without authentication or user interaction. The CVSS 3.1 base score is 6.5, reflecting a medium severity level due to the vulnerability's network attack vector, low attack complexity, and no privileges or user interaction required. The exposure of authentication identifiers compromises confidentiality and integrity by potentially enabling unauthorized users to impersonate legitimate charging stations or users, manipulate charging sessions, or disrupt service. Although availability impact is not evident, the integrity and confidentiality risks could lead to financial losses, reputational damage, and operational disruptions. No patches or fixes have been published yet, and no known exploits have been reported in the wild. The vulnerability was reserved and published in February 2026 by ICS-CERT. The affected product is widely used in EV charging infrastructure, making this a significant concern for organizations managing such assets.

The primary impact of CVE-2026-20733 is the exposure of authentication credentials for EV charging stations, which can lead to unauthorized access and misuse. Attackers could potentially impersonate legitimate users or stations, manipulate charging sessions, or disrupt service integrity. This could result in financial losses due to fraudulent charging, denial of service to legitimate users, and erosion of trust in EV infrastructure providers. Organizations operating large EV charging networks or providing related services are at risk of operational disruptions and reputational damage. The vulnerability affects confidentiality and integrity but does not directly impact availability. Given the growing reliance on EV infrastructure worldwide, the threat could have widespread implications, especially in countries with high EV adoption and CloudCharge market penetration. The lack of authentication and user interaction requirements lowers the barrier for exploitation, increasing the risk profile.

To mitigate CVE-2026-20733, organizations should immediately audit their exposure of authentication identifiers on public platforms and restrict access to authorized personnel only. Implement network segmentation and access controls to ensure that sensitive credentials are not publicly accessible via web-based mapping services. Employ encryption and tokenization for authentication identifiers to prevent direct exposure. Monitor logs and network traffic for suspicious access patterns or attempts to use exposed credentials. Coordinate with CloudCharge to obtain patches or updates once available and apply them promptly. Additionally, consider implementing multi-factor authentication and anomaly detection mechanisms for charging station access. Regularly review and update security policies related to credential management and public data exposure. Educate staff and partners about the risks associated with credential exposure and enforce strict data handling procedures.