CVE-2026-27647: CWE-613 in Mobility46 mobility46.se
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.
AI Analysis
Technical Summary
The vulnerability arises from the WebSocket backend using charging station identifiers as session identifiers but permitting multiple connections with the same identifier. This design flaw leads to predictable session identifiers, enabling session hijacking or shadowing attacks. An attacker can displace a legitimate charging station's session, intercept commands, or cause denial-of-service by flooding the backend with session requests. The issue is categorized under CWE-613 (Insufficient Session Expiration). The vulnerability affects all versions of mobility46.se and was published on 2026-02-27. No known exploits are reported in the wild, and no patch or vendor advisory detailing remediation is currently available.
Potential Impact
An attacker can hijack or shadow sessions by connecting with the same session identifier, potentially authenticating as other users or displacing legitimate charging stations. This can lead to unauthorized command execution or denial-of-service conditions by overwhelming the backend with session requests. The confidentiality, integrity, and availability of the affected system are all impacted to a limited degree, consistent with the CVSS vector (C:L/I:L/A:L).
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, consider restricting access to the WebSocket backend, implementing additional session validation mechanisms, or monitoring for unusual session connection patterns to reduce risk. Avoid relying solely on session identifiers that can be reused or predicted.
CVE-2026-27647: CWE-613 in Mobility46 mobility46.se
Description
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability arises from the WebSocket backend using charging station identifiers as session identifiers but permitting multiple connections with the same identifier. This design flaw leads to predictable session identifiers, enabling session hijacking or shadowing attacks. An attacker can displace a legitimate charging station's session, intercept commands, or cause denial-of-service by flooding the backend with session requests. The issue is categorized under CWE-613 (Insufficient Session Expiration). The vulnerability affects all versions of mobility46.se and was published on 2026-02-27. No known exploits are reported in the wild, and no patch or vendor advisory detailing remediation is currently available.
Potential Impact
An attacker can hijack or shadow sessions by connecting with the same session identifier, potentially authenticating as other users or displacing legitimate charging stations. This can lead to unauthorized command execution or denial-of-service conditions by overwhelming the backend with session requests. The confidentiality, integrity, and availability of the affected system are all impacted to a limited degree, consistent with the CVSS vector (C:L/I:L/A:L).
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, consider restricting access to the WebSocket backend, implementing additional session validation mechanisms, or monitoring for unusual session connection patterns to reduce risk. Avoid relying solely on session identifiers that can be reused or predicted.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- icscert
- Date Reserved
- 2026-02-24T00:35:18.446Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69a0ebae32ffcdb8a293f336
Added to database: 2/27/2026, 12:56:14 AM
Last enriched: 4/9/2026, 10:11:51 PM
Last updated: 4/12/2026, 9:54:16 PM
Views: 60
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.