Mobility46 WebSocket Session Hijacking Vulnerability
Vulnerability
A vulnerability in the WebSocket backend of Mobility46's EV charging management system allows multiple endpoints to connect using the same session identifier. This flaw creates predictable session identifiers, enabling session hijacking or shadowing. The most recent connection can displace the legitimate charging station and receive the backend commands intended for that station. This vulnerability could allow unauthorized users to authenticate as other users, or enable a denial-of-service condition by overwhelming the backend with valid session requests.
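As an added illustration (not Mobility46's code; the real backend internals are not public), the following Python models a session table in which the newest connection presenting a known session identifier silently displaces the earlier one, beside a registry that binds each identifier to a single live connection and logs any second claimant. All addresses, identifiers and the command name are constructed.

```python
import secrets
from dataclasses import dataclass, field

def issue_session_id() -> str:
    """Unguessable id; the advisory says the real ones were predictable."""
    return secrets.token_urlsafe(32)

@dataclass
class Connection:
    peer: str                                     # remote address (constructed)
    session_id: str                               # id the client presents on connect
    received: list = field(default_factory=list)  # backend commands delivered here

class NaiveRegistry:
    """Flawed pattern: whichever connection presented the id last owns it."""
    def __init__(self):
        self.sessions = {}

    def register(self, conn: Connection) -> bool:
        self.sessions[conn.session_id] = conn  # silently displaces the earlier peer
        return True

    def send(self, session_id: str, command: str) -> None:
        self.sessions[session_id].received.append(command)

class HardenedRegistry(NaiveRegistry):
    """One live connection per id; a second claimant is refused and logged."""
    def __init__(self):
        super().__init__()
        self.alerts = []

    def register(self, conn: Connection) -> bool:
        existing = self.sessions.get(conn.session_id)
        if existing is not None:
            self.alerts.append(f"{conn.session_id} bound to {existing.peer}; refused {conn.peer}")
            return False
        self.sessions[conn.session_id] = conn
        return True

def demo(registry_cls):
    """Station connects first; a second endpoint then presents the same id."""
    reg = registry_cls()
    sid = "sess-0001"  # constructed, fixed so both registries see the same input
    station = Connection("198.51.100.10", sid)
    other = Connection("203.0.113.7", sid)
    reg.register(station)
    accepted = reg.register(other)
    reg.send(sid, "StartCharging")  # constructed command name
    return accepted, station.received, other.received
```

A production version of the hardened registry must also release the binding when the station's socket closes, otherwise a legitimate reconnect is refused until the stale entry times out.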
Impact
Exploitation of this vulnerability could lead to unauthorized authentication as other users, session hijacking, or a denial-of-service condition by flooding the backend with valid session requests.
Remediation
Mobility46 did not respond to CISA's request for coordination. Contact Mobility46 using their contact page for more information.
