CVE-2026-22539 MEDIUM

CVE-2026-22539: INFORMATION DISCLOSURE VIA CURL REQUESTS (OCPP)

Vendor Efacec
Product QC 60/90/120
Weakness CWE-201
Published January 7, 2026
Last update January 9, 2026

CVSS base score

5.3/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

As the service interaction is performed without authentication, an attacker with some knowledge of the protocol could obtain information about the charger via OCPP v1.6.

Key dates

02Disclosure timeline

January 7, 2026 CVE published
January 9, 2026 Record updated

Related vulnerabilities

04Related CVE