LeakyCreds

CVE-2026-29796 - Vulnerability Analysis

Critical, CVSS: 9.4

Last Updated: March 20, 2026

OCPP WebSocket - Broken Access Control

Published: March 20, 2026
Updated: March 20, 2026
Remote Exploitable

Overview

OCPP WebSocket endpoints contain a broken access control vulnerability caused by a lack of authentication, which lets unauthenticated attackers impersonate charging stations and manipulate backend data. Exploitation requires no authentication.

Severity & Score

Severity: Critical
CVSS Score: 9.4
EPSS Score: 0.0% (Probability of exploitation in next 30 days)

Impact

Unauthenticated attackers can impersonate charging stations, escalate privileges, and manipulate charging infrastructure data.

Mitigation

Implement proper authentication mechanisms on WebSocket endpoints or update to a version with authentication.

Social Media Activity (2 posts)

BeyondMachines :verified:
@beyondmachines1
Mar 20, 2026

IGL-Technologies Patches Critical Authentication Bypass in eParking.fi Platform

IGL-Technologies patched four vulnerabilities in its eParking.fi platform, including a critical authentication bypass (CVE-2026-29796) that allows attackers to impersonate EV charging stations and gain administrative control.

**Isolate your EV charging infrastructure as much as possible from the public internet and public network access. Verify that your hardware supports the vendor's new security profiles. Since station identifiers were leaked on public maps, you should treat existing IDs as compromised and implement device whitelisting.**

#cybersecurity #infosec #advisory #vulnerability

https://beyondmachines.net/event_details/igl-technologies-patches-critical-authentication-bypass-in-eparking-fi-platform-a-5-9-c-q/gD2P6Ple2L


Details

CVE ID: CVE-2026-29796
Severity: Critical
CVSS Score: 9.4
Type: broken_access_control
Status: new
EPSS: 0.0%
Social Posts: 2

CWE

  • CWE-306

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

EPSS Score

0.0% (Probability of exploitation in the next 30 days)