July 19, 2026 at 02:12PM

■■■■□ CVE-2026-9039
An EV charger’s charging port is a network port.

Researchers found SSH and Telnet services exposed on XCharge C6 chargers with default root:root credentials. A threat actor with a malicious EV can gain immediate full control access on the charger and perform energy theft or potentially cause physical damage.

https://www.saiflow.com/blog/the-hidden-ccs2-attack-surface-on-ev-chargers