Vendor
Multiple critical vulnerabilities, including improper access control (CVE-2026-20744), improper restriction of excessive authentication attempts (CVE-2026-42952), and insufficient session expiration (CVE-2026-44383), affect Hydro-Québec Le Circuit Electrique charging station backend versions prior to June 2026, which if exploited could lead to privilege escalation or denial-of-service impacting critical transportation infrastructure.