CVE-2026-9037
Published: 2026-05-28 · Last updated: 2026-05-29
Severity and scoring
- CWE: CWE-494
Description
A firmware update mechanism in the affected charging controller fails to validate the authenticity of firmware packages delivered through the device's management interface. Because cryptographic signatures are not verified, an attacker with the ability to interfere with or impersonate the management channel could cause the device to install an unauthorized firmware package. This condition could allow execution of unauthorized code with high privileges on the device.
Source: NVD
Related CVEs
Same CWE
- CVE-2026-45058 — electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client
- CVE-2026-9089 — The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update opera... (8.8 HIGH)
- CVE-2026-42249 — Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attacker‑controlled... (9.8 CRITICAL)
- CVE-2026-42248 — Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables (9.8 CRITICAL)
- CVE-2025-10539 — Due to improper TLS certificate validation in the DeskTime Time Tracking App before version 1.3.674, attackers who can position themselve... (4.8 MEDIUM)