ICSA-26-062-08 · Published 2026-03-03 · View on CISA ICS-CERT ↗

Everon OCPP Backends

CVSS 9.4 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks.

CVEs (4)

CVE-2026-26288 CVE-2026-24696 CVE-2026-20748 CVE-2026-27027

Remediations

Everon has shut down their platform on December 1st, 2025.

Affected Vendors

Everon

Affected Products (1)

Everon · api.everon.io vers:all/*

Affected Sectors

Energy, Transportation Systems

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more