Aviatrix Threat Research Center

In February 2026, multiple critical vulnerabilities were identified in EV2GO's ev2go.io charging management platform, affecting all versions. These flaws include missing authentication for critical functions (CVE-2026-24731), improper restriction of excessive authentication attempts (CVE-2026-25945), insufficient session expiration (CVE-2026-20895), and insufficiently protected credentials (CVE-2026-22890). Exploitation could allow attackers to impersonate charging stations, hijack sessions, misroute traffic causing large-scale denial of service, and manipulate backend data. ([therealistjuggernaut.com](https://therealistjuggernaut.com/2026/02/26/trj-cybersecurity-ev2go-charging-platform-exposed-authentication-failures-create-high-risk-entry-points-across-global-ev-infrastructure/?utm_source=openai)) The absence of vendor response and lack of available patches heighten the urgency for organizations to implement immediate defensive measures. This incident underscores the critical need for robust authentication mechanisms and proactive vulnerability management in infrastructure systems to prevent potential exploitation and operational disruptions.

In February 2026, multiple critical vulnerabilities were identified in EV Energy's ev.energy platform, a UK-based provider of electric vehicle charging software. These vulnerabilities include missing authentication for critical functions (CVE-2026-27772), improper restriction of excessive authentication attempts (CVE-2026-24445), insufficient session expiration (CVE-2026-26290), and insufficiently protected credentials (CVE-2026-25774). Exploitation of these flaws could allow attackers to gain unauthorized control over charging stations, disrupt services, and compromise data integrity. ([beyondmachines.net](https://beyondmachines.net/event_details/critical-vulnerabilities-in-ev-energy-charging-platform-allow-remote-hijacking-b-x-t-d-l?utm_source=openai)) The increasing integration of electric vehicle infrastructure with the power grid underscores the urgency of addressing these security gaps. As cyberattacks on EV charging stations rise, ensuring robust authentication and session management mechanisms is critical to prevent potential disruptions and maintain trust in the EV ecosystem. ([yahoo.com](https://www.yahoo.com/news/cyberattacks-ev-charging-stations-rise-120000365.html?utm_source=openai))

In February 2026, multiple critical vulnerabilities were identified in CloudCharge's cloudcharge.se platform, which manages electric vehicle (EV) charging infrastructure globally. These vulnerabilities include missing authentication for critical functions (CVE-2026-20781), improper restriction of excessive authentication attempts (CVE-2026-25114), insufficient session expiration (CVE-2026-27652), and insufficiently protected credentials (CVE-2026-20733). Exploitation of these flaws could allow attackers to impersonate charging stations, hijack sessions, suppress or misroute legitimate traffic, and manipulate data sent to the backend, potentially leading to large-scale denial of service and unauthorized control over charging infrastructure. ([therealistjuggernaut.com](https://therealistjuggernaut.com/2026/02/26/trj-cybersecurity-cloudcharge-platform-vulnerabilities-open-global-ev-charging-networks-to-session-hijack-and-impersonation-risk/?utm_source=openai)) The discovery of these vulnerabilities underscores the urgent need for robust authentication and session management mechanisms in critical infrastructure systems. As the adoption of EVs continues to rise, ensuring the security of charging networks is paramount to prevent potential disruptions and maintain public trust in these technologies.

In February 2026, multiple critical vulnerabilities were identified in Mobility46's charging station management platform, mobility46.se. These vulnerabilities include missing authentication for critical functions (CVE-2026-27028), improper restriction of excessive authentication attempts (CVE-2026-26305), insufficient session expiration (CVE-2026-27647), and insufficiently protected credentials (CVE-2026-22878). Exploitation of these flaws could allow attackers to gain unauthorized administrative control over charging stations or disrupt services through denial-of-service attacks. ([cvefeed.io](https://cvefeed.io/vuln/detail/CVE-2026-27028?utm_source=openai)) The increasing reliance on electric vehicle (EV) infrastructure underscores the importance of securing such platforms. These vulnerabilities highlight the need for robust authentication mechanisms and session management to prevent unauthorized access and ensure the integrity of critical infrastructure services.

In February 2026, multiple critical vulnerabilities were identified in Chargemap's platform, a widely used electric vehicle charging service. These flaws include missing authentication for critical functions (CVE-2026-25851), improper restriction of excessive authentication attempts (CVE-2026-20792), insufficient session expiration (CVE-2026-25711), and insufficiently protected credentials (CVE-2026-20791). Exploitation of these vulnerabilities could allow attackers to gain unauthorized administrative control over charging stations or disrupt services through denial-of-service attacks. ([beyondmachines.net](https://beyondmachines.net/event_details/multiple-vulnerabilities-discovered-in-chargemap-platform-z-y-h-q-j?utm_source=openai)) The absence of vendor patches and Chargemap's lack of response to coordination requests from CISA highlight the urgency for organizations to implement immediate mitigations. This incident underscores the critical need for robust security measures in EV charging infrastructure, especially as the adoption of electric vehicles continues to rise globally. ([beyondmachines.net](https://beyondmachines.net/event_details/multiple-vulnerabilities-discovered-in-chargemap-platform-z-y-h-q-j?utm_source=openai))