CVE-2026-27777 identifies a vulnerability in Mobiliti's e-mobi.hu platform, which is used for managing electric vehicle charging stations. The core issue is that authentication identifiers for these charging stations are exposed publicly via web-based mapping platforms. This exposure corresponds to CWE-522, which relates to the storage or transmission of credentials in an insecure manner. The vulnerability affects all versions of the product, indicating a systemic design or implementation flaw. The CVSS 3.1 base score is 6.5, reflecting a medium severity level. The vector indicates that the attack can be performed remotely over the network (AV:N), requires no privileges (PR:N), no user interaction (UI:N), and affects confidentiality and integrity (C:L/I:L) but not availability (A:N). The scope remains unchanged (S:U). The public availability of authentication identifiers means that attackers can potentially identify and misuse charging stations without needing to bypass authentication themselves. While no exploits have been reported in the wild, the ease of access to these credentials increases the risk of unauthorized use, potential fraud, or disruption of charging services. The vulnerability highlights a critical need for better credential management and access controls in EV infrastructure platforms. The lack of available patches at the time of publication suggests that users must implement compensating controls until official fixes are released.

The exposure of authentication identifiers compromises the confidentiality and integrity of the charging station management system. Attackers gaining access to these credentials could impersonate legitimate users or devices, leading to unauthorized use of charging stations, potential financial fraud, or manipulation of charging operations. This could degrade trust in EV infrastructure providers and disrupt services for legitimate users. While availability is not directly impacted, indirect effects such as service denial through misuse or overloading could occur. Organizations operating or relying on Mobiliti's e-mobi.hu platform face risks to operational security and customer trust. The vulnerability could also facilitate further attacks if attackers leverage exposed credentials to pivot into broader network environments. Given the increasing adoption of electric vehicles and reliance on digital management platforms, the impact extends to critical infrastructure sectors and smart city initiatives, potentially affecting energy management and transportation systems.

To mitigate this vulnerability, organizations should immediately audit and restrict access to charging station authentication identifiers, ensuring they are not publicly exposed via mapping or other web platforms. Implement network segmentation to isolate charging station management systems from public-facing services. Employ strong authentication mechanisms such as multi-factor authentication and rotate credentials regularly to reduce the risk of misuse. Monitor access logs and network traffic for unusual activities that may indicate exploitation attempts. Engage with Mobiliti to obtain updates or patches addressing this issue and apply them promptly once available. Consider deploying web application firewalls (WAFs) or API gateways to control and filter access to sensitive endpoints. Additionally, educate staff and users about the risks of credential exposure and enforce strict data handling policies. If possible, disable or limit the functionality of public mapping features that expose sensitive information until the vulnerability is resolved.