CVE-2026-27777: CWE-522 in Mobiliti e-mobi.hu
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
AI Analysis
Technical Summary
CVE-2026-27777 is a vulnerability classified under CWE-522, which pertains to insufficiently protected credentials. This vulnerability affects all versions of Mobiliti's e-mobi.hu product, a platform used for managing electric vehicle charging stations. The core issue is that authentication identifiers for charging stations are publicly accessible via web-based mapping platforms. These identifiers are critical for authenticating legitimate users or systems to the charging stations. Because these credentials are exposed without any access control, attackers can retrieve them remotely over the network without any privileges or user interaction. The CVSS v3.1 score of 6.5 reflects a medium severity level, indicating that while the vulnerability is remotely exploitable and requires no authentication, the impact is limited to confidentiality and integrity with no direct availability impact. The exposure of authentication identifiers could allow attackers to impersonate legitimate users or systems, potentially leading to unauthorized usage, manipulation of charging sessions, or disruption of billing and operational data. No patches or fixes have been published yet, and no known exploits are reported in the wild. The vulnerability was reserved in late February 2026 and published in early March 2026 by ICS-CERT, highlighting its relevance to industrial control and critical infrastructure sectors. Given the increasing reliance on electric vehicle infrastructure, this vulnerability represents a significant risk vector if left unmitigated.
Potential Impact
The primary impact of CVE-2026-27777 is the compromise of confidentiality and integrity of charging station authentication credentials. Unauthorized access to these identifiers can lead to misuse of charging stations, including unauthorized charging sessions that could result in financial losses or service disruptions. Attackers might manipulate charging data, affecting billing accuracy and operational reporting. While availability is not directly impacted, indirect effects such as denial of service through misuse or overloading of stations are possible. Organizations relying on Mobiliti's e-mobi.hu platform may face reputational damage, regulatory scrutiny, and operational challenges if attackers exploit this vulnerability. The exposure also raises concerns about the security of critical infrastructure supporting electric vehicle ecosystems, which are increasingly targeted by threat actors. The lack of authentication and user interaction requirements lowers the barrier for exploitation, increasing the risk of widespread unauthorized access if attackers discover and leverage these publicly accessible identifiers.
Mitigation Recommendations
To mitigate CVE-2026-27777, organizations should immediately assess the exposure of charging station authentication identifiers on public mapping platforms and restrict access to these credentials. Implement network segmentation and access controls to ensure that sensitive authentication data is not publicly accessible. Mobiliti should prioritize developing and releasing patches or updates that enforce encryption and proper access controls for authentication identifiers. Employ strong credential management practices, including rotating authentication tokens and using multi-factor authentication where possible. Monitor network traffic and logs for unusual access patterns or unauthorized usage of charging stations. Collaborate with mapping platform providers to remove or obscure sensitive authentication information from publicly accessible interfaces. Additionally, consider deploying anomaly detection systems to identify potential misuse of charging station credentials. Finally, educate staff and partners about the risks associated with credential exposure and enforce strict security policies around data sharing and platform configurations.
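The log monitoring recommended above can be sketched as a check for one station identifier appearing from two different network origins within a short window, which is what use of an exposed identifier by a second party would look like. This is an added example, not code from Mobiliti or the advisory; the log format, the identifiers, the addresses and the 15-minute window are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample of backend connection records:
# "<ISO timestamp> <station identifier> <source IP>".
# Identifiers are made up; addresses use documentation ranges.
SAMPLE_LOG = """\
2026-03-06T10:00:00 STATION-A 192.0.2.10
2026-03-06T10:05:00 STATION-B 192.0.2.20
2026-03-06T10:07:00 STATION-A 198.51.100.7
2026-03-06T10:30:00 STATION-B 192.0.2.20
2026-03-06T18:00:00 STATION-C 192.0.2.30
2026-03-06T23:00:00 STATION-C 203.0.113.5
"""


def parse(log_text):
    """Return (timestamp, station, ip) tuples in time order, skipping malformed lines."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ts, station, ip = parts
        events.append((datetime.fromisoformat(ts), station, ip))
    return sorted(events)


def find_identity_reuse(events, window=timedelta(minutes=15)):
    """Flag a station identifier that connects from a different source IP
    within `window` of its previous connection (hypothetical threshold)."""
    last_seen = {}  # station -> (timestamp, ip) of the most recent connection
    alerts = []
    for ts, station, ip in events:
        prev = last_seen.get(station)
        if prev and prev[1] != ip and ts - prev[0] <= window:
            alerts.append({
                "station": station,
                "time": ts.isoformat(),
                "previous_ip": prev[1],
                "new_ip": ip,
            })
        last_seen[station] = (ts, ip)
    return alerts


if __name__ == "__main__":
    for alert in find_identity_reuse(parse(SAMPLE_LOG)):
        print(alert)
```

An address change hours apart (STATION-C in the sample) is not flagged, since stations on mobile or dynamic links legitimately change address; tune the window to the deployment.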
Affected Countries
United States, Germany, Netherlands, France, United Kingdom, China, South Korea, Japan, Canada, Norway, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: icscert
- Date Reserved: 2026-02-24T00:30:38.926Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69aaf339c48b3f10ffa20e32
Added to database: 3/6/2026, 3:31:05 PM
Last enriched: 3/6/2026, 3:46:34 PM
Last updated: 3/7/2026, 8:13:15 AM