■■■■□ CVE-2026-9039
An EV charger’s charging port is a network port.
Researchers found SSH and Telnet services exposed on XCharge C6 chargers with default root:root credentials. A threat actor with a malicious EV can gain immediate full control access on the charger and perform energy theft or potentially cause physical damage.
https://www.saiflow.com/blog/the-hidden-ccs2-attack-surface-on-ev-chargers
