Evoke CSMS vulnerabilities
4 known vulnerabilities affecting evoke/evoke_csms.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL: 1, HIGH: 2, MEDIUM: 1
Vulnerabilities
CVE-2026-40702 | P2 | CRITICAL | CVSS 9.4 | CWE-306 | All versions | 2026-06-25
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to impersonate charging stations. As a result, attackers can exploit this weakness to gain unauthorized access to sensitive data or perform unauthorized actions. Given that no authentication is required, this can lead to privilege escalation and potentially compromise th
nvd
CVE-2026-50176 | P3 | HIGH | CVSS 7.5 | CWE-307 | All versions | 2026-06-25
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks or brute-force attacks to gain unauthorized access.
nvd
CVE-2026-54479 | P3 | HIGH | CVSS 7.3 | CWE-613 | All versions | 2026-06-25
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-o
nvd
CVE-2026-44622 | P3 | MEDIUM | CVSS 6.5 | CWE-522 | All versions | 2026-06-25
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
nvd