CVE-2026-9039
Published: May 28, 2026
Modified: May 29, 2026
Description
A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel intended solely for vehicle-charger signaling. The service is accessible on interfaces exposed through the charging connector, and it accepts a default administrative credential. A malicious device physically connected to the charging interface could leverage this misconfiguration to obtain full administrative access.
| Vendor | Product | Versions |
|---|---|---|
XCharge | C6 | affected 0 - < May_22_2026 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now