Vulnerability in Ctek Charge_portal
CVE-2026-27649
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables s…
EPSS: 0.001 (17.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.3 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L.
Affected products
- Ctek Charge_portal
- Ctek Chargeportal — versions All versions
Weakness classification (CWE)
References
- ics-cert@hq.dhs.gov (US Government Resource, Third Party Advisory)
- ics-cert@hq.dhs.gov (Product)
- ics-cert@hq.dhs.gov (Product)
Frequently asked questions
- What is CVE-2026-27649?
- CVE-2026-27649 is a high-severity vulnerability in Ctek Charge_portal, classified under Insufficient Session Expiration. CVSS score: 7.3/10. Published 2026-03-20.
- How severe is CVE-2026-27649?
- High severity. CVSS v3 base score is 7.3 out of 10.