Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-27767
PUBLISHED
More InfoOfficial Page
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
View Known Exploited Vulnerability (KEV) details
Published At-26 Feb, 2026 | 23:57
Updated At-27 Feb, 2026 | 00:00
Rejected At-
▼CVE Numbering Authority (CNA)
SWITCH EV swtchenergy.com Missing Authentication for Critical Function

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then issue or receive OCPP commands as a legitimate charger. Given that no authentication is required, this can lead to privilege escalation, unauthorized control of charging infrastructure, and corruption of charging network data reported to the backend.

Affected Products
Vendor
SWITCH EV
Product
swtchenergy.com
Default Status
unaffected
Versions
Affected
  • All versions
Problem Types
TypeCWE IDDescription
CWECWE-306CWE-306 Missing Authentication for Critical Function
Type: CWE
CWE ID: CWE-306
Description: CWE-306 Missing Authentication for Critical Function
Metrics
VersionBase scoreBase severityVector
3.19.4CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Version: 3.1
Base score: 9.4
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds

SWITCH EV did not respond to CISA's request for coordination. Contact SWITCH EV using their contact page here: https://swtchenergy.com/contact/ for more information.

Exploits
Credits
finder
Khaled Sarieddine and Mohammad Ali Sayed reported this vulnerability to CISA.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://swtchenergy.com/contact/
N/A
https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-06
N/A
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-06.json
N/A
Hyperlink: https://swtchenergy.com/contact/
Resource: N/A
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-06
Resource: N/A
Hyperlink: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-06.json
Resource: N/A
Details not found