Platform
other
Component
csaf
CVE-2026-20781 describes a critical vulnerability in CloudCharge, affecting all versions. This vulnerability stems from a lack of authentication on WebSocket endpoints, allowing attackers to impersonate charging stations and manipulate data. Successful exploitation can lead to unauthorized control of charging infrastructure and data corruption, posing a significant risk to charging networks.
The core of this vulnerability lies in the absence of authentication for OCPP (Open Charge Point Protocol) WebSocket connections. An attacker can connect to the CloudCharge system using a known or discovered charging station identifier. Because no authentication is required, they can then issue OCPP commands as if they were a legitimate charging station. This allows for complete impersonation, enabling attackers to manipulate charging sessions, alter reported data, and potentially disrupt the entire charging network. The blast radius extends to the backend systems that rely on the data reported by CloudCharge, potentially impacting billing, energy management, and grid stability. This vulnerability shares similarities with other protocol-based attacks where authentication is bypassed, leading to unauthorized control.
CVE-2026-20781 was publicly disclosed on 2026-02-26. Its severity is rated CRITICAL (9.4 CVSS). There is currently no indication of active exploitation or a public proof-of-concept (POC). The vulnerability has not been added to the CISA KEV catalog as of this writing. Given the ease of exploitation and the potential impact, it is likely to become a target for malicious actors.
Organizations deploying CloudCharge for managing electric vehicle charging infrastructure are at significant risk. This includes businesses operating charging stations, energy providers, and grid operators. Legacy CloudCharge deployments with outdated configurations are particularly vulnerable, as are environments where network segmentation is inadequate, allowing external access to the OCPP WebSocket endpoint.
• linux / server:
journalctl -u cloudcharge -f | grep -i "ocpp"
• generic web:
curl -v https://<cloudcharge_ip>:9000/ocpp 2>&1 | grep -i "websocket"
• generic web:
curl -I https://<cloudcharge_ip>:9000/ocpp
• linux / server:
lsof -i :9000
Exploit Status
EPSS
0.13% (percentile 32%)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-20781 is to upgrade to a patched version of CloudCharge as soon as it becomes available. Until a patch is deployed, implement temporary workarounds to reduce the attack surface. A Web Application Firewall (WAF) or proxy can be configured to restrict access to the OCPP WebSocket endpoint (typically on port 9000) to only trusted sources. Implement strict IP address filtering or authentication mechanisms at the WAF level. Additionally, monitor OCPP traffic for suspicious activity, such as unexpected commands or data patterns. Consider implementing rate limiting on the WebSocket endpoint to prevent brute-force attempts to discover valid charging station identifiers. After implementing WAF rules, verify their effectiveness by attempting to connect to the OCPP endpoint without proper authentication.
Implement robust authentication mechanisms for the WebSocket endpoints. This can include the use of authentication tokens, TLS certificates, or any other method that guarantees the identity of the charger. Update to a version that incorporates these security measures.
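The check a proxy in front of the OCPP endpoint could apply to each WebSocket upgrade request, combining the source restriction and per-station authentication described above. This is an added example, not CloudCharge code. It assumes the station identifier is the last segment of a /ocpp/<id> path and that each station presents HTTP Basic credentials; the networks, identifiers and secrets are constructed sample values.

```python
import base64
import hmac
import ipaddress

# Constructed sample data (assumptions, not CloudCharge configuration).
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/16")]
STATION_SECRETS = {"CP-0001": "s3cret-one", "CP-0002": "s3cret-two"}
OCPP_PREFIX = "/ocpp/"  # assumed layout: /ocpp/<station identifier>


def authorize_handshake(path, headers, source_ip):
    """Decide whether one WebSocket upgrade request may reach the backend.

    Returns (allowed, reason); the reason is meant for the proxy's log.
    """
    # 1. Network restriction: only trusted sources may talk to the endpoint.
    addr = ipaddress.ip_address(source_ip)
    if not any(addr in net for net in TRUSTED_NETS):
        return False, "source not allowlisted"

    # 2. The station identifier is only a claim taken from the URL.
    if not path.startswith(OCPP_PREFIX):
        return False, "not an OCPP path"
    station_id = path[len(OCPP_PREFIX):]
    if not station_id or "/" in station_id:
        return False, "malformed station id"

    # 3. Require credentials; HTTP header names are case-insensitive.
    auth = {k.lower(): v for k, v in headers.items()}.get("authorization", "")
    scheme, _, blob = auth.partition(" ")
    if scheme.lower() != "basic" or not blob:
        return False, "missing credentials"
    try:
        decoded = base64.b64decode(blob, validate=True).decode("utf-8")
    except ValueError:  # covers malformed base64 and invalid UTF-8
        return False, "undecodable credentials"
    user, _, password = decoded.partition(":")

    # 4. The authenticated identity must be the identifier being claimed.
    if user != station_id:
        return False, "identity mismatch"

    # 5. Constant-time secret check; unknown stations fail the same way.
    expected = STATION_SECRETS.get(station_id, "")
    matches = hmac.compare_digest(password.encode(), expected.encode())
    if not (matches and station_id in STATION_SECRETS):
        return False, "bad credentials"
    return True, "ok"
```

Logging the returned reason for every rejected handshake also gives the monitoring described above a direct signal for identifier guessing and impersonation attempts.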
CVE-2026-20781 is a critical vulnerability in CloudCharge where unauthenticated attackers can impersonate charging stations and manipulate data due to missing authentication on WebSocket endpoints, potentially leading to unauthorized control.
If you are using any version of CloudCharge, you are potentially affected by this vulnerability. Upgrade as soon as a patch is available.
The recommended fix is to upgrade to a patched version of CloudCharge. Until then, implement WAF rules to restrict access to the OCPP WebSocket endpoint.
There is currently no evidence of active exploitation, but the vulnerability's ease of exploitation makes it a likely target.
Please refer to the CloudCharge official website and security advisories for the latest information and patch releases.