Browse all 4 CVE security advisories affecting EV2GO. AI-powered Chinese analysis, POCs, and references for each vulnerability.
EV2GO operates in the electric vehicle charging infrastructure sector, providing networked charging stations and management software. Historically, the platform has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, as evidenced by its four recorded CVEs. These vulnerabilities often stem from insufficient input validation and insecure default configurations. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities suggests potential risks for operators and users relying on these systems for critical infrastructure. The platform's network-facing components and web interfaces present multiple attack vectors that could compromise both operational integrity and user data.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-22890 | EV2GO ev2go.io Insufficiently Protected Credentials — ev2go.ioCWE-522 | 6.5 | Medium | 2026-02-26 |
| CVE-2026-20895 | EV2GO ev2go.io Insufficient Session Expiration — ev2go.ioCWE-613 | 7.3 | High | 2026-02-26 |
| CVE-2026-25945 | EV2GO ev2go.io Improper Restriction of Excessive Authentication Attempts — ev2go.ioCWE-307 | 7.5 | High | 2026-02-26 |
| CVE-2026-24731 | EV2GO ev2go.io Missing Authentication for Critical Function — ev2go.ioCWE-306 | 9.4 | Critical | 2026-02-26 |
This page lists every published CVE security advisory associated with EV2GO. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.