CVE-2026-27764: CWE-613 in Mobiliti e-mobi.hu
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.
AI Analysis
Technical Summary
CVE-2026-27764 is a vulnerability classified under CWE-613 (Insufficient Session Expiration) affecting the Mobiliti e-mobi.hu product. The core issue lies in the WebSocket backend's session management, which uses charging station identifiers as session identifiers. Because these identifiers are predictable and the backend allows multiple endpoints to connect simultaneously with the same session ID, an attacker can connect using a legitimate station's identifier and displace that station (session hijacking or shadowing), thereby intercepting or manipulating backend commands intended for it. The same flaw facilitates unauthorized authentication as other users and can be exploited for denial of service by flooding the backend with numerous valid session requests. The vulnerability is remotely exploitable without authentication or user interaction, which increases its risk profile. The CVSS v3.1 score is 7.3 (high), reflecting the network attack vector, low attack complexity, no privileges or user interaction required, and impacts on confidentiality, integrity, and availability. No patches or mitigations have yet been published by the vendor, and no exploits have been observed in the wild. All versions of the product are affected, so users of Mobiliti e-mobi.hu should treat it as requiring immediate attention.
Potential Impact
The vulnerability can have significant impacts on organizations operating electric vehicle charging infrastructure using Mobiliti e-mobi.hu. Session hijacking or shadowing can lead to unauthorized access to charging station controls, allowing attackers to manipulate charging sessions, potentially causing financial loss or operational disruption. Confidentiality is compromised as attackers can intercept commands and data intended for legitimate stations. Integrity is affected since attackers can alter commands or data, potentially causing incorrect charging behavior or damage to equipment. Availability may be degraded or denied if attackers overwhelm the backend with session requests, disrupting service for legitimate users. This can impact customer trust, regulatory compliance, and operational continuity. The remote and unauthenticated nature of the exploit increases the likelihood of attacks, especially in environments with exposed or poorly segmented network access to charging infrastructure. The lack of patches further elevates risk until mitigations are implemented.
Mitigation Recommendations
Organizations should:
- Implement network segmentation and restrict access to the WebSocket backend to trusted hosts only, minimizing exposure to untrusted networks.
- Deploy Web Application Firewalls (WAFs) or Intrusion Prevention Systems (IPS) with rules to detect and block abnormal session creation or multiple connections using the same session identifier.
- Monitor WebSocket connections for unusual patterns such as multiple simultaneous connections with identical session IDs.
- Engage with the vendor for updates and patches addressing session management flaws.
- If possible, implement additional authentication or token validation mechanisms at the application layer to ensure session uniqueness and prevent reuse.
- Consider rate limiting connection attempts to mitigate denial-of-service risks.
- Conduct regular security assessments and penetration testing focused on session management and WebSocket communication.
- Maintain up-to-date asset inventories to identify affected systems and prioritize remediation efforts.
- Finally, prepare incident response plans to quickly detect and respond to potential exploitation attempts.
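The session-keying flaw described in the technical summary and the uniqueness, expiry and monitoring controls recommended above, modelled as an added Python example (this is not Mobiliti's code; the out-of-band station secret, the idle TTL and the CONNECT/DISCONNECT log format are assumptions):

```python
import hmac
from collections import Counter

class VulnerableRegistry:
    """Keyed on the predictable station id; the newest peer silently displaces the old one."""
    def __init__(self):
        self.sessions = {}                     # station_id -> endpoint
    def connect(self, station_id, endpoint):
        self.sessions[station_id] = endpoint   # no credential check, no duplicate check
        return True
    def route_command(self, station_id):
        return self.sessions[station_id]       # commands go to whoever connected last

class HardenedRegistry:
    """Binds each id to a provisioned secret, refuses a second live connection, expires idle ones."""
    def __init__(self, station_secrets, idle_ttl):
        self.station_secrets = station_secrets # station_id -> secret, provisioned out of band (assumption)
        self.idle_ttl = idle_ttl               # seconds without a heartbeat before a binding lapses
        self.sessions = {}                     # station_id -> (endpoint, last_seen)
    def connect(self, station_id, endpoint, presented_secret, now):
        expected = self.station_secrets.get(station_id)
        if expected is None or not hmac.compare_digest(expected, presented_secret):
            return False                       # unknown station or wrong credential
        self.expire_idle(now)
        if station_id in self.sessions:
            return False                       # id already bound to a live peer: refuse shadowing
        self.sessions[station_id] = (endpoint, now)
        return True
    def heartbeat(self, station_id, now):
        self.sessions[station_id] = (self.sessions[station_id][0], now)
    def expire_idle(self, now):
        for sid, (_, seen) in list(self.sessions.items()):
            if now - seen > self.idle_ttl:
                del self.sessions[sid]         # stale binding released so the real station can return
    def route_command(self, station_id):
        return self.sessions[station_id][0]

def duplicate_station_connections(log_lines):
    """Monitoring check: station ids that had more than one live CONNECT at the same time."""
    live, flagged = Counter(), set()
    for line in log_lines:
        event, station_id, _endpoint = line.split()
        live[station_id] += 1 if event == "CONNECT" else -1
        if live[station_id] > 1:
            flagged.add(station_id)
    return sorted(flagged)

# Constructed sample connection log (event station_id peer), not from any real deployment.
SAMPLE_LOG = ["CONNECT CS-1001 10.0.5.20", "CONNECT CS-1002 10.0.5.21",
              "CONNECT CS-1001 203.0.113.9", "DISCONNECT CS-1002 10.0.5.21"]
```

Running `duplicate_station_connections(SAMPLE_LOG)` flags CS-1001, the station whose identifier two peers hold at once; the hardened registry refuses that second connection until the first binding has gone idle past the TTL.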
Affected Countries
United States, Germany, France, United Kingdom, Netherlands, China, Japan, South Korea, Canada, Australia
Technical Details
- Data Version: 5.2
- Assigner Short Name: icscert
- Date Reserved: 2026-02-24T00:30:38.937Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69aaf339c48b3f10ffa20e2d
Added to database: 3/6/2026, 3:31:05 PM
Last enriched: 3/6/2026, 3:45:25 PM
Last updated: 3/7/2026, 8:13:15 AM