CVE-2026-22539

Summary

As the service interaction is performed without authentication, an attacker with some knowledge of the protocol could obtain information about the charger via OCPP v1.6.

Affected Software

VendorProductVersion RangeStatus
EFACECQC 60/90/1208affected

Weaknesses

  • CWE-201: CWE-201: Insertion of Sensitive Information Into Sent Data

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References