
CVE-2026-27028: CWE-306 in Mobility46 mobility46.se

Severity: Critical
Type: Vulnerability
CVE: CVE-2026-27028
CWE: CWE-306
Published: Fri Feb 27 2026 (02/27/2026, 00:20:52 UTC)
Source: CVE Database V5
Vendor/Project: Mobility46
Product: mobility46.se

Description

CVE-2026-27028 is a critical vulnerability in Mobility46's mobility46.se platform affecting all versions. The issue arises from WebSocket endpoints lacking proper authentication, allowing unauthenticated attackers to impersonate charging stations by using known or discovered station identifiers. Attackers can then issue or receive Open Charge Point Protocol (OCPP) commands as if they were legitimate chargers, leading to unauthorized control over charging infrastructure and manipulation of backend data. This vulnerability enables privilege escalation and data corruption within the charging network. Exploitation requires no user interaction or authentication and can be performed remotely over the network. Although no known exploits are currently reported in the wild, the high CVSS score of 9.4 reflects the severe impact on confidentiality, integrity, and partial availability. Organizations operating electric vehicle charging infrastructure using Mobility46 products are at significant risk. Immediate mitigation involves implementing strong authentication on WebSocket endpoints and monitoring for anomalous OCPP traffic.

AI-Powered Analysis

Last updated: 02/27/2026, 01:10:55 UTC

Technical Analysis

CVE-2026-27028 is a critical security vulnerability identified in all versions of the Mobility46 mobility46.se platform, specifically related to the handling of WebSocket endpoints used for Open Charge Point Protocol (OCPP) communications. The root cause is the absence of proper authentication mechanisms on these WebSocket endpoints, which allows unauthenticated attackers to connect by simply using a known or discovered charging station identifier. Once connected, attackers can impersonate legitimate charging stations, issuing or receiving OCPP commands to manipulate charging operations and backend data. This lack of authentication constitutes a CWE-306 (Missing Authentication for Critical Function) weakness. The vulnerability enables attackers to escalate privileges within the charging network, potentially gaining unauthorized control over charging stations, altering charging schedules, disrupting billing data, or corrupting operational metrics reported to the backend. The attack vector is network-based with no requirement for user interaction or prior authentication, making exploitation straightforward. The CVSS v3.1 score of 9.4 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L) reflects the high confidentiality and integrity impact, with a lesser but notable availability impact. Although no public exploits have been observed, the vulnerability poses a significant threat to the security and reliability of electric vehicle charging infrastructure managed by Mobility46. The lack of patch information suggests that remediation may require vendor intervention or configuration changes to enforce authentication on WebSocket connections.

Potential Impact

The impact of CVE-2026-27028 is substantial for organizations operating electric vehicle charging infrastructure using Mobility46 products. Unauthorized station impersonation can lead to unauthorized control over charging stations, enabling attackers to manipulate charging sessions, disrupt service availability, or falsify billing and usage data. This compromises the confidentiality and integrity of operational data and can result in financial losses, reputational damage, and regulatory non-compliance. Additionally, attackers could potentially use compromised charging stations as pivot points to infiltrate broader network segments, increasing the risk of lateral movement and further compromise. The partial availability impact may cause intermittent service disruptions, affecting customer satisfaction and operational continuity. Given the critical role of EV charging infrastructure in modern transportation and energy ecosystems, such attacks could have cascading effects on energy management and smart grid operations. The vulnerability's ease of exploitation and lack of authentication requirements amplify the risk, making it a high-priority concern for infrastructure operators worldwide.

Mitigation Recommendations

To mitigate CVE-2026-27028, organizations should immediately implement strong authentication mechanisms on all WebSocket endpoints handling OCPP communications. This includes enforcing mutual TLS authentication or token-based authentication to ensure only authorized charging stations can connect. Network segmentation should be applied to isolate charging infrastructure from other critical systems, limiting the attack surface. Monitoring and anomaly detection systems should be deployed to identify unusual OCPP command patterns or connections from unexpected station identifiers. Operators should audit and restrict access to charging station identifiers to prevent unauthorized discovery. If vendor patches or updates become available, they must be applied promptly. Additionally, implementing rate limiting and connection throttling on WebSocket endpoints can reduce the risk of brute force or enumeration attacks. Regular security assessments and penetration testing focused on charging infrastructure are recommended to identify and remediate similar weaknesses proactively. Finally, organizations should establish incident response plans specific to EV charging infrastructure compromises.
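The following is an added illustration of the authentication gate recommended above, not code from Mobility46 or from this advisory. It assumes the OCPP-J convention that the station identity is the last segment of the WebSocket URL path and OCPP 1.6 security-profile-style HTTP Basic authentication (username equal to the station identity); the station names, secrets and connection attempts are constructed. The CWE-306 behaviour would be to admit any client whose path names a known station; here the client must also prove possession of that station's secret, and rejected handshakes are grouped for alerting on unexpected identifiers.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed registry: charge point identity -> SHA-256 of its provisioned
# secret. Unique per-station secrets are an assumption about the deployment.
STATION_SECRETS = {
    "CP-1001": hashlib.sha256(b"s3cret-1001").hexdigest(),
    "CP-1002": hashlib.sha256(b"s3cret-1002").hexdigest(),
}

def station_id_from_path(path):
    """OCPP-J convention: the last URL path segment is the station identity."""
    return urlsplit(path).path.rstrip("/").rsplit("/", 1)[-1] or None

def basic_header(station, secret):
    """Header a legitimate charger sends (OCPP 1.6 security profile 1/2 style)."""
    token = base64.b64encode(f"{station}:{secret}".encode()).decode()
    return {"Authorization": "Basic " + token}

def authorize_handshake(path, headers, registry=STATION_SECRETS):
    """Gate the WebSocket upgrade; returns (accepted, reason). The CWE-306
    behaviour is admitting any client whose path names a known station; here
    the client must also prove possession of that station's secret."""
    station = station_id_from_path(path)
    if station is None or station not in registry:
        return False, "unknown-station"
    auth = {k.lower(): v for k, v in headers.items()}.get("authorization", "")
    if not auth.lower().startswith("basic "):
        return False, "missing-credentials"
    try:
        user, _, secret = base64.b64decode(auth[6:]).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return False, "malformed-credentials"
    if user != station:  # username must equal the identity named in the path
        return False, "identity-mismatch"
    digest = hashlib.sha256(secret.encode()).hexdigest()
    if not hmac.compare_digest(digest, registry[station]):  # constant-time
        return False, "bad-credentials"
    return True, "ok"

def triage(attempts, registry=STATION_SECRETS):
    """Group rejected (peer, path, headers) handshakes by reason for alerting."""
    rejected = {}
    for peer, path, headers in attempts:
        ok, reason = authorize_handshake(path, headers, registry)
        if not ok:
            rejected.setdefault(reason, []).append((peer, station_id_from_path(path)))
    return rejected
```

In a real central system the handshake decision would run inside the WebSocket server's upgrade hook and the secret store would be backed by the station provisioning database; the triage output is what a monitoring rule for "connections from unexpected station identifiers" would consume.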


Technical Details

Data Version: 5.2
Assigner Short Name: icscert
Date Reserved: 2026-02-24T00:35:18.464Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 69a0ebae32ffcdb8a293f331

Added to database: 2/27/2026, 12:56:14 AM

Last enriched: 2/27/2026, 1:10:55 AM

Last updated: 2/27/2026, 2:14:45 AM
