Red Hot Cyber
Cybersecurity, Cybercrime News and Vulnerability Analysis
Description: A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel intended solely for vehicle-charger signaling. The service is accessible on interfaces exposed through the charging connector, and it accepts a default administrative credential. A malicious device physically connected to the charging interface could leverage this misconfiguration to obtain full administrative access.
CVSS metrics not available.
Database CWE: v4.18
CWE-1188: Initialization of a Resource with an Insecure Default ↗
The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.
Fonte: MITRE CWE
The **EPSS (Exploit Prediction Scoring System)** is a score from **0 to 1** that indicates the **probability** that a vulnerability will be exploited in the real world in the next 30 days. A higher value indicates a greater likelihood of exploitation.
The **Percentile** indicates how much higher this vulnerability's EPSS score is compared to all other vulnerabilities in the EPSS database. For example, a percentile of 0.90 (90%) means that 90% of vulnerabilities have an EPSS score equal to or lower than the current one.
*Data updated as of: 2026-06-05
The **CISA KEV Catalog** lists vulnerabilities that have been **actively exploited in the real world**. If a CVE is present in this catalog, it indicates that the threat is immediate and mitigation should be a top priority.
CVE **CVE-2026-9039** is not present in the CISA KEV Catalog. This indicates that it is not currently classified by CISA as an actively exploited vulnerability.
No results found on GitHub for this CVE.