CVE-2026-20791 identifies a vulnerability in Chargemap's web-based mapping platform, chargemap.com, where charging station authentication identifiers are insufficiently protected and publicly accessible. This vulnerability is classified under CWE-522, which pertains to the exposure of sensitive credentials due to inadequate protection mechanisms. The flaw affects all versions of the product and was published on February 26, 2026. The CVSS v3.1 base score is 6.5, indicating a medium severity level. The vector (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) shows that the vulnerability is remotely exploitable over the network without requiring privileges or user interaction, impacting confidentiality and integrity to a limited extent but not availability. The exposed authentication identifiers could allow attackers to impersonate legitimate charging stations or manipulate authentication processes, potentially leading to unauthorized access or fraudulent use of charging infrastructure. Although no exploits have been reported in the wild, the public accessibility of these credentials presents a risk for targeted attacks or data harvesting. The vulnerability highlights a critical security oversight in protecting sensitive authentication data within the EV charging ecosystem, which could undermine trust and operational security. The lack of patch links suggests that a fix may not yet be available, emphasizing the need for immediate compensating controls and vendor engagement. This issue is particularly relevant as EV infrastructure expands globally, increasing the attack surface for such vulnerabilities.

The primary impact of CVE-2026-20791 lies in the potential compromise of confidentiality and integrity of charging station authentication credentials. Attackers gaining access to these identifiers could impersonate legitimate charging stations, enabling fraudulent charging sessions, unauthorized access to networked charging infrastructure, or manipulation of billing and usage data. This could lead to financial losses for service providers and users, erosion of trust in EV charging networks, and potential disruption of services. Although availability is not directly affected, the integrity compromise could indirectly impact service reliability if attackers manipulate authentication processes. Organizations worldwide that depend on Chargemap's platform for mapping and managing EV charging stations face increased risk of targeted attacks, especially as EV adoption grows. The exposure of credentials also raises privacy concerns, as attackers might correlate usage patterns or locations. The absence of known exploits in the wild currently limits immediate widespread impact, but the vulnerability's ease of exploitation and public exposure make it a significant concern for infrastructure security and operational continuity.

To mitigate CVE-2026-20791, organizations and Chargemap should implement immediate and specific measures beyond generic advice: 1) Restrict public access to charging station authentication identifiers by enforcing strict access controls and authentication on the mapping platform. 2) Employ encryption and secure storage mechanisms for all sensitive credentials to prevent unauthorized disclosure. 3) Introduce tokenization or ephemeral credentials that limit the usefulness of exposed identifiers. 4) Monitor network traffic and platform logs for anomalous activities indicative of credential misuse or impersonation attempts. 5) Engage with Chargemap to prioritize development and deployment of patches or updates that address this vulnerability. 6) Educate users and administrators about the risks of credential exposure and encourage prompt reporting of suspicious behavior. 7) Consider implementing multi-factor authentication or additional verification layers for charging station access where feasible. 8) Conduct regular security assessments and penetration testing focused on credential management and exposure risks within EV infrastructure platforms. These targeted actions will reduce the attack surface and enhance the resilience of EV charging networks against exploitation of this vulnerability.