CVE-2026-25851 is a critical authentication-bypass issue affecting Chargemap's OCPP WebSocket interface. According to the CISA advisory, an attacker who knows or can discover a charging-station identifier can connect without authenticating, impersonate a legitimate charger, and send or receive OCPP commands. The practical impact is unauthorized control of charging infrastructure, privilege escalation with [truncated]
CVE-2026-20791 is a medium-severity information exposure issue in Chargemap/chargemap.com where charging station authentication identifiers were publicly accessible through web-based mapping platforms. The advisory does not describe active exploitation, but exposure of authentication-related identifiers can create avoidable risk and should be treated as a prompt access-control and data-exposure review item.
