CVE-2026-31926 is a vulnerability in IGL-Technologies' eParking.fi product, which manages electric vehicle charging stations. The core issue is that authentication identifiers used by charging stations are publicly accessible via web-based mapping platforms. This exposure corresponds to CWE-522, which involves the exposure of sensitive information through insecure storage or transmission. The vulnerability affects all versions of the product and allows attackers to obtain authentication tokens or identifiers without any authentication or user interaction, as indicated by the CVSS vector (AV:N/AC:L/PR:N/UI:N). The identifiers being publicly accessible means that malicious actors can potentially impersonate legitimate charging stations or users, leading to unauthorized access or manipulation of charging sessions. Although there is no evidence of active exploitation in the wild, the vulnerability poses a risk to confidentiality and integrity of the charging infrastructure. The vulnerability does not impact availability directly but could lead to indirect service disruptions if attackers misuse the exposed credentials. The lack of patches at the time of publication suggests that mitigation relies on configuration changes or access control improvements. Given the increasing reliance on electric vehicle infrastructure, this vulnerability highlights the importance of securing authentication mechanisms and sensitive data exposure in IoT and smart city applications.

The exposure of charging station authentication identifiers can lead to unauthorized access to charging infrastructure, allowing attackers to impersonate legitimate users or devices. This can result in fraudulent use of charging services, manipulation of charging sessions, or unauthorized data access. While availability is not directly impacted, misuse of credentials could cause operational disruptions or denial of service through indirect means. The confidentiality breach may expose user or operational data, undermining trust in the eParking.fi platform. Organizations relying on this system could face financial losses, reputational damage, and regulatory scrutiny, especially in regions with stringent data protection laws. The vulnerability also raises concerns about the security of critical infrastructure supporting electric vehicle adoption, which is strategically important for energy and transportation sectors worldwide.

To mitigate this vulnerability, organizations should immediately review and restrict access to authentication identifiers exposed via web-based mapping platforms. Implementing strict access controls and authentication mechanisms on APIs and web services that expose sensitive data is critical. Network segmentation can isolate charging station management systems from public-facing services. Employing encryption for sensitive data in transit and at rest will reduce exposure risks. Monitoring and logging access to authentication identifiers can help detect unauthorized attempts. Since no patches are currently available, coordination with IGL-Technologies for updates or configuration guidance is essential. Additionally, organizations should consider deploying anomaly detection systems to identify suspicious activities related to charging station authentication. Regular security assessments and penetration testing focused on IoT and smart infrastructure components will help uncover similar exposures.