A vulnerability was found in Hydro-Québec Le Circuit Electrique charging station backend. It has been declared as very critical. The impacted element is an unknown function of the component Charging Station WebSocket Endpoint. The manipulation results in improper authentication.
This vulnerability is known as CVE-2026-20744. It is possible to launch the attack remotely. No exploit is available.