top of page
perceptive_background_267k.jpg

Mobiliti e-mobi.hu

Published:

3 maart 2026 om 12:00:00

Alert date:

3 maart 2026 om 18:03:35

Source:

cisa.gov

Click to open the original link from this advisory

Critical Infrastructure, Mobile & IoT

Four critical vulnerabilities affect Mobiliti e-mobi.hu charging stations worldwide, enabling unauthorized administrative control and denial-of-service attacks. CVE-2026-26051 allows station impersonation through unauthenticated WebSocket endpoints. CVE-2026-20882 enables brute-force and DoS attacks via unrestricted authentication attempts. CVE-2026-27764 permits session hijacking through predictable identifiers. CVE-2026-27777 exposes authentication identifiers publicly via mapping platforms. The vulnerabilities impact Energy and Transportation critical infrastructure sectors with CVSS scores ranging from 6.5 to 9.4. Mobiliti has not responded to CISA coordination efforts, leaving all versions affected without available patches.

Technical details

Mitigation steps:

Affected products:

Mobiliti e-mobi.hu

Related links:

https://www.cisa.gov/news-events/ics-advisories/icsa-26-062-06
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-062-06.json
https://www.cve.org/CVERecord?id=CVE-2026-26051
https://www.cve.org/CVERecord?id=CVE-2026-20882
https://www.cve.org/CVERecord?id=CVE-2026-27764
https://www.cve.org/CVERecord?id=CVE-2026-27777
https://www.mobiliti.hu/emobilitas/ugyfeltamogatas/ugyfelszolgalat
https://cwe.mitre.org/data/definitions/306.html
https://cwe.mitre.org/data/definitions/307.html
https://cwe.mitre.org/data/definitions/613.html
https://cwe.mitre.org/data/definitions/522.html
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page