Platform: other
Component: csaf
CVE-2026-20781 describes a critical vulnerability in CloudCharge, affecting all versions. This vulnerability stems from a lack of authentication on WebSocket endpoints, allowing attackers to impersonate charging stations and manipulate data. Successful exploitation can lead to unauthorized control of charging infrastructure and data corruption, posing a significant risk to charging networks.
The core of this vulnerability lies in the absence of authentication for OCPP (Open Charge Point Protocol) WebSocket connections. An attacker can connect to the CloudCharge system using a known or discovered charging station identifier. Because no authentication is required, they can then issue OCPP commands as if they were a legitimate charging station. This allows for complete impersonation, enabling attackers to manipulate charging sessions, alter reported data, and potentially disrupt the entire charging network. The blast radius extends to the backend systems that rely on the data reported by CloudCharge, potentially impacting billing, energy management, and grid stability. This vulnerability shares similarities with other protocol-based attacks where authentication is bypassed, leading to unauthorized control.
CVE-2026-20781 was publicly disclosed on 2026-02-26. Its severity is rated CRITICAL (9.4 CVSS). There is currently no indication of active exploitation or a public proof-of-concept (POC). The vulnerability has not been added to the CISA KEV catalog as of this writing. Given the ease of exploitation and the potential impact, it is likely to become a target for malicious actors.
Exploit Status
EPSS: 0.13% (32nd percentile)
The primary mitigation for CVE-2026-20781 is to upgrade to a patched version of CloudCharge as soon as it becomes available. Until a patch is deployed, implement temporary workarounds to reduce the attack surface. A Web Application Firewall (WAF) or proxy can be configured to restrict access to the OCPP WebSocket endpoint (typically on port 9000) to only trusted sources. Implement strict IP address filtering or authentication mechanisms at the WAF level. Additionally, monitor OCPP traffic for suspicious activity, such as unexpected commands or data patterns. Consider implementing rate limiting on the WebSocket endpoint to prevent brute-force attempts to discover valid charging station identifiers. After implementing WAF rules, verify their effectiveness by attempting to connect to the OCPP endpoint without proper authentication.
Implement robust authentication mechanisms for the WebSocket endpoints. This may include the use of authentication tokens, TLS certificates, or any other method that ensures the identity of the charger. Update to a version that incorporates these security measures.
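The monitoring advice above can be turned into a log check. The following is an added example, not code from CloudCharge or from the advisory: it scans proxy access logs for a station identifier accepted from more than one source address, for a single source trying many identifiers, and for identifiers missing from the inventory. The log format, the `/ocpp/<station-id>` path, the station names and the threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed proxy access-log lines: time, source IP, request path, HTTP status.
# The /ocpp/<station-id> layout is an assumption; OCPP-J carries the station
# identity as the last segment of the WebSocket URL.
SAMPLE_LOG = """\
2026-03-01T10:00:01Z 198.51.100.7 /ocpp/CP-0001 101
2026-03-01T10:00:05Z 198.51.100.8 /ocpp/CP-0002 101
2026-03-01T10:02:11Z 203.0.113.50 /ocpp/CP-0001 101
2026-03-01T10:02:12Z 203.0.113.50 /ocpp/CP-0003 101
2026-03-01T10:02:13Z 203.0.113.50 /ocpp/CP-0004 404
2026-03-01T10:02:14Z 203.0.113.50 /ocpp/CP-0005 404
"""

LINE_RE = re.compile(r"^(\S+) (\S+) /ocpp/([^/\s]+) (\d{3})$")

def parse(log_text):
    """Yield (source_ip, station_id, status) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(2), m.group(3), int(m.group(4))

def analyze(log_text, known_stations, max_ids_per_source=3):
    """Summarise impersonation and enumeration signals in the log."""
    ips_by_station = defaultdict(set)   # accepted connections only
    ids_by_source = defaultdict(set)    # every attempt, accepted or not
    for src, station, status in parse(log_text):
        ids_by_source[src].add(station)
        if status == 101:  # 101 Switching Protocols: WebSocket was accepted
            ips_by_station[station].add(src)
    seen = {s for ids in ids_by_source.values() for s in ids}
    return {
        # Same station identity accepted from several addresses.
        "multi_source_stations": {s: sorted(ips) for s, ips
                                  in ips_by_station.items() if len(ips) > 1},
        # One address cycling through many station identities.
        "enumerating_sources": {ip: sorted(ids) for ip, ids
                                in ids_by_source.items()
                                if len(ids) > max_ids_per_source},
        # Identities that are not in the operator's inventory.
        "unknown_station_ids": sorted(seen - set(known_stations)),
    }

if __name__ == "__main__":
    import json
    inventory = {"CP-0001", "CP-0002", "CP-0003"}  # constructed inventory
    print(json.dumps(analyze(SAMPLE_LOG, inventory), indent=2))
```

Stations on cellular links may legitimately change source address, so treat a multi-source hit as a lead to correlate with the other two signals rather than as proof of impersonation.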
CVE-2026-20781 is a critical vulnerability in CloudCharge where unauthenticated attackers can impersonate charging stations and manipulate data due to missing authentication on WebSocket endpoints, potentially leading to unauthorized control.
If you are using any version of CloudCharge, you are potentially affected by this vulnerability. Upgrade as soon as a patch is available.
The recommended fix is to upgrade to a patched version of CloudCharge. Until then, implement WAF rules to restrict access to the OCPP WebSocket endpoint.
There is currently no evidence of active exploitation, but the vulnerability's ease of exploitation makes it a likely target.
Please refer to the CloudCharge official website and security advisories for the latest information and patch releases.