CVE-2026-9037

UNKNOWN 0.0

Download of code without integrity check in XCharge C6

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

A firmware update mechanism in the affected charging controller fails to validate the authenticity of firmware packages delivered through the device's management interface. Because cryptographic signatures are not verified, an attacker with the ability to interfere with or impersonate the management channel could cause the device to install an unauthorized firmware package. This condition could allow execution of unauthorized code with high privileges on the device.

CWE	CWE-494
Vendor	xcharge
Product	c6
Published	May 28, 2026
Last Updated	May 29, 2026

Stay Ahead of the Next One

Get instant alerts for xcharge c6

Be the first to know when new unknown vulnerabilities affecting xcharge c6 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

XCharge / C6

0 < May_22_2026

References

NVD ↗ CVE.org ↗ EPSS Data ↗

cisa.gov: https://www.cisa.gov/news-events/ics-advisories/icsa-26-148-08

Credits

Lionel R. Saposnik of SaiFlow reported these vulnerabilities to CISA.