Public Exposure of Charging Station Authentication Identifiers in EV2GO Platform
CVE-2026-22890

6.9MEDIUM

Key Information:

Vendor: Ev2go
Status: Ev2go.io
Vendor: CVE Published:; 26 February 2026

What is CVE-2026-22890?

The EV2GO platform's charging stations have a significant vulnerability that allows authentication identifiers to be accessed publicly through web-based mapping technologies. This exposure creates potential risks for unauthorized access and misuse of the charging infrastructure, highlighting the importance of implementing robust security measures to protect sensitive information.

Affected Version(s)

ev2go.io All versions

References

https://ev2go.io/

https://www.cisa.gov/news-events/ics-advisories/icsa-26-0...

https://github.com/cisagov/CSAF/blob/develop/csaf_files/O...

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 26, 2026
Vulnerability Reserved
Feb 23, 2026

Credit

Khaled Sarieddine and Mohammad Ali Sayed reported this vulnerability to CISA.

CVE-2026-22890 Data

JSON

Ev2go

What is CVE-2026-22890?

Affected Version(s)

References

CVSS V4

Timeline

Credit