Platform: other
Component: csaf
CVE-2026-20781 describes a critical vulnerability in CloudCharge, affecting all versions. This vulnerability stems from a lack of authentication on WebSocket endpoints, allowing attackers to impersonate charging stations and manipulate data. Successful exploitation can lead to unauthorized control of charging infrastructure and data corruption, posing a significant risk to charging networks.
The core of this vulnerability lies in the absence of authentication for OCPP (Open Charge Point Protocol) WebSocket connections. An attacker can connect to the CloudCharge system using a known or discovered charging station identifier. Because no authentication is required, they can then issue OCPP commands as if they were a legitimate charging station. This allows for complete impersonation, enabling attackers to manipulate charging sessions, alter reported data, and potentially disrupt the entire charging network. The blast radius extends to the backend systems that rely on the data reported by CloudCharge, potentially impacting billing, energy management, and grid stability. This vulnerability shares similarities with other protocol-based attacks where authentication is bypassed, leading to unauthorized control.
CVE-2026-20781 was publicly disclosed on 2026-02-26. Its severity is rated CRITICAL (9.4 CVSS). There is currently no indication of active exploitation or a public proof-of-concept (POC). The vulnerability has not been added to the CISA KEV catalog as of this writing. Given the ease of exploitation and the potential impact, it is likely to become a target for malicious actors.
Organizations deploying CloudCharge for managing electric vehicle charging infrastructure are at significant risk. This includes businesses operating charging stations, energy providers, and grid operators. Legacy CloudCharge deployments with outdated configurations are particularly vulnerable, as are environments where network segmentation is inadequate, allowing external access to the OCPP WebSocket endpoint.
• linux / server:
journalctl -u cloudcharge -f | grep -i "ocpp"
• generic web:
curl -v https://<cloudcharge_ip>:9000/ocpp 2>&1 | grep -i "websocket"
• generic web:
curl -I https://<cloudcharge_ip>:9000/ocpp
• linux / server:
lsof -i :9000
EPSS: 0.13% (32nd percentile)
The primary mitigation for CVE-2026-20781 is to upgrade to a patched version of CloudCharge as soon as it becomes available. Until a patch is deployed, implement temporary workarounds to reduce the attack surface. A Web Application Firewall (WAF) or proxy can be configured to restrict access to the OCPP WebSocket endpoint (typically on port 9000) to only trusted sources. Implement strict IP address filtering or authentication mechanisms at the WAF level. Additionally, monitor OCPP traffic for suspicious activity, such as unexpected commands or data patterns. Consider implementing rate limiting on the WebSocket endpoint to prevent brute-force attempts to discover valid charging station identifiers. After implementing WAF rules, verify their effectiveness by attempting to connect to the OCPP endpoint without proper authentication.
Implement robust authentication mechanisms for the WebSocket endpoints. This can include the use of authentication tokens, TLS certificates, or other methods that ensure the identity of the charger. Update to a version that includes these security measures.
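The interim controls described above (source filtering, rate limiting and per-station credentials in front of the OCPP WebSocket endpoint) can be expressed as a single handshake check in a proxy. This is an added example, not CloudCharge or vendor code. It assumes the station identifier is the last segment of the path (`/ocpp/<id>`) and that stations send HTTP Basic credentials; all station IDs, secrets and networks are constructed placeholders.

```python
import base64, hashlib, hmac, ipaddress, time
from collections import defaultdict, deque

# Constructed sample data; SHA-256 keeps the sample short and assumes
# high-entropy, per-station keys rather than human-chosen passwords.
STATION_KEY_HASHES = {"CP-0001": hashlib.sha256(b"constructed-secret-1").hexdigest()}
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/16")]
MAX_ATTEMPTS, WINDOW_S = 5, 60
_attempts = defaultdict(deque)  # source IP -> timestamps of recent handshakes


def authorize_handshake(path, headers, src_ip, now=None):
    """Return (allowed, reason) for one WebSocket upgrade request."""
    now = time.monotonic() if now is None else now
    # 1. Source filtering: only allowlisted networks may reach the endpoint.
    if not any(ipaddress.ip_address(src_ip) in net for net in TRUSTED_NETS):
        return False, "source not allowlisted"
    # 2. Rate limit per source, so station identifiers cannot be guessed in bulk.
    recent = _attempts[src_ip]
    while recent and now - recent[0] > WINDOW_S:
        recent.popleft()
    recent.append(now)
    if len(recent) > MAX_ATTEMPTS:
        return False, "rate limited"
    # 3. Credentials: knowing a station identifier alone must not be enough.
    scheme, _, blob = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return False, "missing credentials"
    try:
        user, _, secret = base64.b64decode(blob, validate=True).decode().partition(":")
    except ValueError:  # covers invalid base64 and invalid UTF-8
        return False, "malformed credentials"
    # 4. The authenticated identity must match the station named in the path.
    station_id = path.rstrip("/").rsplit("/", 1)[-1]
    if user != station_id:
        return False, "identity mismatch"
    expected = STATION_KEY_HASHES.get(station_id, "")
    supplied = hashlib.sha256(secret.encode()).hexdigest()
    if not hmac.compare_digest(expected, supplied):  # constant-time comparison
        return False, "bad credentials"
    return True, "ok"
```

The returned reason string is suitable for logging, which gives the monitoring step a record of rejected handshakes per source and station identifier.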
CVE-2026-20781 is a critical vulnerability in CloudCharge where unauthenticated attackers can impersonate charging stations and manipulate data due to missing authentication on WebSocket endpoints, potentially leading to unauthorized control.
If you are using any version of CloudCharge, you are potentially affected by this vulnerability. Upgrade as soon as a patch is available.
The recommended fix is to upgrade to a patched version of CloudCharge. Until then, implement WAF rules to restrict access to the OCPP WebSocket endpoint.
There is currently no evidence of active exploitation, but the vulnerability's ease of exploitation makes it a likely target.
Please refer to the CloudCharge official website and security advisories for the latest information and patch releases.