WebSocket Authentication Flaw in Hydro-Québec Charging Station
CVE-2026-20744
9.3CRITICAL
What is CVE-2026-20744?
The Hydro-Québec charging station features a WebSocket endpoint that allows unauthenticated connections. This security oversight can lead to privilege escalation, enabling unauthorized users to access sensitive functionalities and potentially compromise the integrity of the system. Proper authentication mechanisms should be implemented to safeguard against unauthorized access and ensure the security of the infrastructure.
Affected Version(s)
Le Circuit Electrique charging station backend 0
References
CVSS V4
Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
An anonymous researcher reported this vulnerability to CISA
