CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-54479

criticalCVSS 7.3covered by 2 sourcesfirst seen 2026-06-25
View CSAF Summary Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. The following versions of EVoke Systems Charging Station Management System are affected: EVoke CSMS vers:all/* CVSS Vendor Equipment Vulnerabilities v3 9.4 EVoke Systems EVoke Systems Charging Station Management System Missing Authentication for Critical Function, Improper Restriction of Excessive Authentication Attempts, Insufficient Session Expiration, Insufficiently Protected Credentials Background Critical Infrastructure Sectors: Energy, Transportation Systems Countries/Areas Deployed: Worldwide Company Headquarters Location: United States Vulnerabilities Expand All + CVE-2026-40702 WebSocket endpoints lack proper authentication mechanisms, enabling attackers to impersonate charging stations. As a result, attackers can exploit this weakness to gain unauthorized access to sensitive data or perform unauthorized actions. Given that no authentication is required, this can lead to privilege escalation and potentially compromise the security of the entire system. View CVE Details Affected Products EVoke Systems Charging Station Management System Vendor: EVoke Systems Product Version: EVoke Systems EVoke CSMS: vers:all/* Product Status: known_affected Remediations Vendor fix EVoke states that as a hardware-agnostic platform supporting multiple charger Original Equipment Manufacturers OEMs, EVoke must interoperate with EVSE devices that support different OCPP security profiles depending on the firmware capabilities of the charger. EVoke CSMS currently supports all OCPP security profiles (0–3). However, the effective security configuration for a charger connection is determined by the security profile implemented in the EVSE firmware. Some legacy chargers deployed in the network support only Security Profile 0 or 1. These chargers were install

CSIRTS triage

What
The vulnerabilities could enable attackers to gain unauthorized administrative control or disrupt charging services.
Who is affected
Deployments of EVoke Systems Charging Station Management System worldwide.
Urgency
Remediation is critical due to the high severity and potential for exploitation.
Action
Users should update to the latest version immediately.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-54479

Get an email if CVE-2026-54479 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (2)

External references

NVD record for CVE-2026-54479

CVE.org record

Embed the live status

CVE-2026-54479 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-54479 status](https://www.csirts.com/badge/CVE-2026-54479)](https://www.csirts.com/cve/CVE-2026-54479)