HYDRO-QU ébec disclosed three critical vulnerabilities in its Le Circuit Electrique charging station backend, with the most severe, CVE-2026-20744, rated at a CVSS score of 9.8. This flaw allows for privilege escalation and poses risks of denial-of-service attacks. All vulnerabilities are associated with improper access control, excessive authentication attempts, and insufficient session expiration. There is currently no known exploitation of these flaws, and patches are available. Affected versions are those released before June 2026, and Hydro-Québec has implemented mitigations to enhance security.
Hydro Québec patches Le Circuit Electrique flaws, CVE-2026-20744
CyberSIXT Evidence Panel
Article by CyberSIXT