Chargemap chargemap.com

Plan Patch | CVSS 9.4 | ICS-CERT ICSA-26-057-05 | Feb 26, 2026
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

The Chargemap charging station management platform contains authentication and input validation vulnerabilities (CWE-306, CWE-307, CWE-613, CWE-522) affecting all versions. Successful exploitation could enable attackers to gain unauthorized administrative control or disrupt charging services through denial-of-service attacks.

What this means
What could happen
An attacker could gain administrative control of charging stations or disrupt charging services, potentially preventing electric vehicle charging and impacting transportation infrastructure availability.
Who's at risk
Electric utility operators and municipalities deploying Chargemap charging infrastructure should be concerned. This affects EV charging station management systems and any connected charging station networks.
How it could be exploited
An attacker on the network could exploit missing authentication controls or weak credential validation in the Chargemap platform to gain administrative access without valid credentials, allowing them to reconfigure charging stations or disable services.
Prerequisites
  • Network access to Chargemap platform or charging station management interface
  • No valid credentials required
remotely exploitable | no authentication required | low complexity | no patch available | affects critical infrastructure availability
Exploitability
Unlikely to be exploited — EPSS score 0.2%
Affected products (1)
Product | Affected Versions | Fix Status
chargemap.com: vers:all/* | All versions | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Contact Chargemap support at https://chargemap.com/en-us/support to request a security update or workaround guidance
HARDENING: Restrict network access to Chargemap management interfaces from trusted IP ranges only
HARDENING: Monitor charging station administrative account activity for unauthorized access or configuration changes
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Segregate charging station networks from corporate and critical OT networks using firewall rules
API: /api/v1/advisories/8ca159e6-b865-4bbe-80f6-3d61755e935a


Chargemap chargemap.com | CVSS 9.4 - OTPulse