securityonline.info 7/13/2026, 2:21:28 PM · external

Hydro Québec patches Le Circuit Electrique flaws, CVE-2026-20744

Hydro Québec patches Le Circuit Electrique flaws, CVE-2026-20744
CyberSIXT Evidence Panel
Primary Source cisa.gov
CISA KEV Not in KEV
Patch Patch Status Unknown

HYDRO-QU ébec disclosed three critical vulnerabilities in its Le Circuit Electrique charging station backend, with the most severe, CVE-2026-20744, rated at a CVSS score of 9.8. This flaw allows for privilege escalation and poses risks of denial-of-service attacks. All vulnerabilities are associated with improper access control, excessive authentication attempts, and insufficient session expiration. There is currently no known exploitation of these flaws, and patches are available. Affected versions are those released before June 2026, and Hydro-Québec has implemented mitigations to enhance security.

View Primary Source Via securityonline.info

Article by CyberSIXT