PatchSiren cyber security CVE debrief
CVE-2026-27652 Unknown Vendor CVE debrief
CISA published CVE-2026-27652 on 2026-02-26 for CloudCharge cloudcharge.se. The advisory says the WebSocket backend ties sessions to charging-station identifiers, but allows multiple endpoints to connect with the same session identifier. That creates predictable sessions and can let a newer connection shadow the legitimate station, receive its backend commands, and potentially disrupt service.
- Vendor: Unknown Vendor
- Product: CloudCharge cloudcharge.se vers:all/*
- CVSS: HIGH 7.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-02-26
- Original CVE updated: 2026-02-26
- Advisory published: 2026-02-26
- Advisory updated: 2026-02-26
Who should care
Operators and integrators using CloudCharge cloudcharge.se, especially teams responsible for charging-station connectivity, backend session handling, and operational monitoring.
Technical summary
According to the CISA CSAF advisory, the issue is that charging-station identifiers are used to uniquely associate WebSocket sessions, yet duplicate connections using the same identifier are allowed. This can result in session hijacking or shadowing, where the most recent connection displaces the intended station and receives commands meant for it. The advisory also notes possible unauthorized authentication as another user and denial-of-service from flooding the backend with valid session requests. CISA maps the weakness to CWE-613.
Defensive priority
High. The flaw is network-reachable, requires no user interaction, and can affect both integrity and availability of backend-to-station communications.
Recommended defensive actions
- Inventory CloudCharge deployments and identify any systems that rely on WebSocket session identifiers for charging-station association.
- Review whether duplicate or concurrent connections are accepted for the same station identity; if so, treat that as a security risk.
- Implement or validate server-side enforcement that rejects duplicate sessions and uses unpredictable, non-reusable session tokens.
- Monitor for anomalous reconnects, repeated valid session creation attempts, and session displacement events.
- Restrict and segment access to backend interfaces where feasible, and apply rate limiting or other controls to reduce session-flooding risk.
- Contact the vendor through the published support page for product-specific guidance, since the advisory states CloudCharge did not respond to CISA's coordination request.
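The sketch below illustrates the duplicate-session, token, monitoring and rate-limiting actions above as a server-side session registry. It is an added example, not CloudCharge code or anything from the advisory; the class, method and alert names, the limits, and the assumption that stations are authenticated before `connect` is called are all hypothetical.

```python
import secrets
import time
from collections import defaultdict, deque


class DuplicateSession(Exception):
    """A live session already exists for this station identifier."""


class RateLimited(Exception):
    """Too many connection attempts for this station identifier."""


class StationSessionRegistry:
    """One live session per station ID (hypothetical names throughout)."""

    def __init__(self, max_attempts=5, window_s=60.0, clock=time.monotonic):
        self.max_attempts, self.window_s, self.clock = max_attempts, window_s, clock
        self.live = {}                      # station_id -> (token, peer)
        self.attempts = defaultdict(deque)  # station_id -> attempt timestamps
        self.alerts = []                    # (kind, station_id, peer) for monitoring

    def connect(self, station_id, peer):
        """Call after the station has authenticated; returns a fresh token."""
        now = self.clock()
        recent = self.attempts[station_id]
        while recent and now - recent[0] > self.window_s:
            recent.popleft()                # drop attempts outside the window
        recent.append(now)
        if len(recent) > self.max_attempts:
            self.alerts.append(("rate_limited", station_id, peer))
            raise RateLimited(station_id)
        if station_id in self.live:
            # Keep the existing session: a newcomer must never displace it.
            self.alerts.append(("duplicate_rejected", station_id, peer))
            raise DuplicateSession(station_id)
        token = secrets.token_urlsafe(32)   # random, never derived from the ID
        self.live[station_id] = (token, peer)
        return token

    def route_command(self, station_id, token):
        """True only for the holder of the station's current token."""
        entry = self.live.get(station_id)
        return entry is not None and secrets.compare_digest(entry[0], token)

    def disconnect(self, station_id, token):
        """Close the session; its token is discarded and never reissued."""
        if self.route_command(station_id, token):
            del self.live[station_id]
            return True
        return False
```

Rejecting the newcomer only works if stale sessions are expired by a heartbeat or idle timeout, which is omitted here; without one, a station that dropped off the network cannot reconnect.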
Evidence notes
All substantive claims are taken from the CISA CSAF advisory and its listed references. The advisory date used here is the published date of 2026-02-26, not any later processing date. Vendor identification in the supplied corpus is low confidence and should be treated as advisory context, not as a fully verified vendor record.
Official resources
- CVE-2026-27652 CVE record (CVE.org)
- CVE-2026-27652 NVD detail (NVD)
- Source item URL (cisa_csaf)
CISA published this advisory on 2026-02-26. The source notes that CloudCharge did not respond to CISA's coordination request, so the advisory does not provide a vendor-confirmed fix in the supplied corpus.