<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-148-08.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of these vulnerabilities could allow an attacker to gain administrator rights or execute code on the affected device.</strong></p> <p>The following versions of XCharge C6 are affected:</p> <ul> <li>C6</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 9.8</td> <td>XCharge</td> <td>XCharge C6</td> <td>Download of Code Without Integrity Check, Stack-based Buffer Overflow, Initialization of a Resource with an Insecure Default</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Transportation Systems</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>United States</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-9037</a></h3> <div class="csaf-accordion-content"> <p>A firmware update mechanism in the affected charging controller fails to validate the authenticity of firmware packages delivered through the device's management interface. Because cryptographic signatures are not verified, an attacker with the ability to interfere with or impersonate the management channel could cause the device to install an unauthorized firmware package. This condition could allow execution of unauthorized code with high privileges on the device,</p> <p><a href="https://www.cve.org/CVERecord?id=
CRITICAL
advisories
XCharge C6
CyberHawk Threat Intel — IOC Scanner, Live IOC Feed (3.6M+ indicators), Infostealer Intelligence, Threat Map, MISP Feeds, GitHub Arsenal, Courses and more. Free to join.
Register Free →
Source Attribution
This intelligence summary is sourced from CISA Advisories and curated by CyberHawk Threat Intel for the security community. Read the complete article at the source link.
Read original at CISA Advisories →
This intelligence summary is sourced from CISA Advisories and curated by CyberHawk Threat Intel for the security community. Read the complete article at the source link.
Read original at CISA Advisories →
Accelerate Your Security Operations
CyberHawk Threat Intel is a complete Cyber Intelligence Platform — one place for every tool a security professional needs. Built by Rudra Verma, Senior Security Architect at CyberHawk Consultancy.
IOC Scanner — scan any domain, IP, hash, URL
Live IOC Feed — 3.6M+ indicators, filterable
Infostealer Intelligence — live compromised creds
Live Threat Map — real-time global attack vectors
MISP Threat Feeds — CIRCL, Feodo, Botvrij, more
GitHub Arsenal — curated security tools and scripts
Security Blog — CVE advisories and threat research
Video Courses — cybersecurity training and education
SOPs and Playbooks — SecOps procedures
Analyst Library — references and toolkits
Scan Reports — historical threat intelligence
Cyber News — this feed, aggregated in-platform