CVE-2026-44383

Summary

Multiple connections to the backend using the same charging station ID are allowed, which could allow an attacker to deploy multiple instances of malicious OCPP clients to overwhelm the backend.

Affected Software

VendorProductVersion RangeStatus
Hydro-QuébecLe Circuit Electrique charging station backend0 < June_2026affected

Weaknesses

  • CWE-613: CWE-613

References