Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-20791

Summary
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At-26 Feb, 2026 | 23:10
Updated At-26 Feb, 2026 | 23:10
Rejected At-
Credits

Chargemap chargemap.com Insufficiently Protected Credentials

Charging station authentication identifiers are publicly accessible via web-based mapping platforms.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:icscert
Assigner Org ID:7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At:26 Feb, 2026 | 23:10
Updated At:26 Feb, 2026 | 23:10
Rejected At:
▼CVE Numbering Authority (CNA)
Chargemap chargemap.com Insufficiently Protected Credentials

Charging station authentication identifiers are publicly accessible via web-based mapping platforms.

Affected Products
Vendor
Chargemap
Product
chargemap.com
Default Status
unaffected
Versions
Affected
  • All versions
Problem Types
TypeCWE IDDescription
CWECWE-522CWE-522 Insufficiently Protected Credentials
Type: CWE
CWE ID: CWE-522
Description: CWE-522 Insufficiently Protected Credentials
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds

Chargemap did not respond to CISA's request for coordination. Contact Chargemap using their contact page here: https://chargemap.com/en-us/support for more information.

Exploits
Credits
finder
Khaled Sarieddine and Mohammad Ali Sayed reported this vulnerability to CISA
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://chargemap.com/en-us/support
N/A
https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-05
N/A
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-05.json
N/A
Hyperlink: https://chargemap.com/en-us/support
Resource: N/A
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-05
Resource: N/A
Hyperlink: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-05.json
Resource: N/A
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ics-cert@hq.dhs.gov
Published At:27 Feb, 2026 | 00:16
Updated At:27 Feb, 2026 | 14:06

Charging station authentication identifiers are publicly accessible via web-based mapping platforms.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-522Primaryics-cert@hq.dhs.gov
CWE ID: CWE-522
Type: Primary
Source: ics-cert@hq.dhs.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://chargemap.com/en-us/supportics-cert@hq.dhs.gov
N/A
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-05.jsonics-cert@hq.dhs.gov
N/A
https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-05ics-cert@hq.dhs.gov
N/A
Hyperlink: https://chargemap.com/en-us/support
Source: ics-cert@hq.dhs.gov
Resource: N/A
Hyperlink: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-05.json
Source: ics-cert@hq.dhs.gov
Resource: N/A
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-05
Source: ics-cert@hq.dhs.gov
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

7Records found
CVE-2026-27773
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.06%
||
7 Day CHG~0.00%
Published-27 Feb, 2026 | 00:03
Updated-27 Feb, 2026 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SWITCH EV swtchenergy.com Insufficiently Protected Credentials

Charging station authentication identifiers are publicly accessible via web-based mapping platforms.

Action-Not Available
Vendor-SWITCH EV
Product-swtchenergy.com
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2026-22890
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.06%
||
7 Day CHG~0.00%
Published-26 Feb, 2026 | 23:50
Updated-27 Feb, 2026 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EV2GO ev2go.io Insufficiently Protected Credentials

Charging station authentication identifiers are publicly accessible via web-based mapping platforms.

Action-Not Available
Vendor-EV2GO
Product-ev2go.io
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2026-25774
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.06%
||
7 Day CHG~0.00%
Published-27 Feb, 2026 | 00:15
Updated-27 Feb, 2026 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EV Energy ev.energy Insufficiently Protected Credentials

Charging station authentication identifiers are publicly accessible via web-based mapping platforms.

Action-Not Available
Vendor-EV Energy
Product-ev.energy
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2026-22878
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.76%
||
7 Day CHG~0.00%
Published-27 Feb, 2026 | 00:25
Updated-27 Feb, 2026 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mobility46 mobility46.se Insufficiently Protected Credentials

Charging station authentication identifiers are publicly accessible via web-based mapping platforms.

Action-Not Available
Vendor-Mobility46
Product-mobility46.se
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2026-20733
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.06%
||
7 Day CHG~0.00%
Published-26 Feb, 2026 | 23:38
Updated-27 Feb, 2026 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CloudCharge cloudcharge.se Insufficiently Protected Credentials

Charging station authentication identifiers are publicly accessible via web-based mapping platforms.

Action-Not Available
Vendor-CloudCharge
Product-cloudcharge.se
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-44758
Matching Score-4
Assigner-HCL Software
ShareView Details
Matching Score-4
Assigner-HCL Software
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 28.89%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 06:00
Updated-18 Sep, 2024 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL BigFix Insights for Vulnerability Remediation (IVR) is vulnerable to improper credential handling

BigFix Insights/IVR fixlet uses improper credential handling within certain fixlet content. An attacker can gain access to information that is not explicitly authorized.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-bigfix_insights_for_vulnerability_remediationBigFix Insights for Vulnerability Remediation
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-44757
Matching Score-4
Assigner-HCL Software
ShareView Details
Matching Score-4
Assigner-HCL Software
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 26.93%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 06:13
Updated-18 Sep, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL BigFix Insights for Vulnerability Remediation (IVR) is vulnerable to weak cryptography

BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure. An attacker could gain access to sensitive information, modify data in unexpected ways, etc.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-bigfix_insights_for_vulnerability_remediationBigFix Insights for Vulnerability Remediation
CWE ID-CWE-522
Insufficiently Protected Credentials
Details not found