EV2GO ev2go.io
Summary
Multiple vulnerabilities have been identified in EV2GO ev2go.io charging stations, potentially allowing attackers to impersonate stations, hijack sessions, cause denial of service, and manipulate backend data. The most severe vulnerability, CVE-2026-24731, involves a lack of authentication for WebSocket endpoints.
IFF Assessment
Exploitation of these vulnerabilities can lead to significant disruptions and unauthorized control of EV charging infrastructure.
Severity
Defender Context
Defenders in the energy and transportation sectors should monitor for unauthorized access attempts and unusual network traffic related to EV charging infrastructure. Given the lack of vendor response, organizations using EV2GO equipment should implement compensating controls like network segmentation and monitoring, and should pressure the vendor for updates.
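As a monitoring aid for the impersonation and session-hijacking risks described above, the following added example (not vendor or advisory code) flags station connections from unexpected sources and concurrent sessions for the same station identity. The log format, station identifiers, addresses and the `EXPECTED_SOURCE` inventory are constructed assumptions; adapt the parsing to whatever your WebSocket gateway or proxy records.

```python
from datetime import datetime

# Constructed sample lines in an assumed format:
# ISO timestamp, source IP, station identifier, event
SAMPLE_LOG = """\
2026-01-10T08:00:00 10.20.0.11 STATION-A connect
2026-01-10T08:00:05 10.20.0.12 STATION-B connect
2026-01-10T08:30:00 203.0.113.50 STATION-A connect
2026-01-10T08:45:00 10.20.0.12 STATION-B disconnect
2026-01-10T09:00:00 10.20.0.12 STATION-B connect
2026-01-10T09:10:00 198.51.100.7 STATION-C connect
"""

# Assumed asset inventory: the source address each known station should use
EXPECTED_SOURCE = {"STATION-A": "10.20.0.11", "STATION-B": "10.20.0.12"}


def find_suspicious_sessions(log_text, expected=EXPECTED_SOURCE):
    """Return a list of (timestamp, station, source_ip, reason) alerts."""
    active = {}  # station -> set of source IPs with an open session
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts_raw, src, station, event = parts
        ts = datetime.fromisoformat(ts_raw)
        sessions = active.setdefault(station, set())
        if event == "disconnect":
            sessions.discard(src)
            continue
        if event != "connect":
            continue
        # Identity not in the inventory, or claimed from the wrong address
        if station not in expected:
            alerts.append((ts, station, src, "unknown-station"))
        elif expected[station] != src:
            alerts.append((ts, station, src, "unexpected-source"))
        # Same identity already connected from a different address
        if sessions - {src}:
            alerts.append((ts, station, src, "concurrent-session"))
        sessions.add(src)
    return alerts


if __name__ == "__main__":
    for ts, station, src, reason in find_suspicious_sessions(SAMPLE_LOG):
        print(f"{ts.isoformat()} {station} from {src}: {reason}")
```

Because the endpoints themselves do not authenticate the station, a source-address inventory like this is only meaningful when network segmentation restricts which hosts can reach the backend at all.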