Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.7
Unlimited Login Attempts in WebSocket Interface
CVE-2026-20792
Summary
The WebSocket interface doesn't limit the number of login attempts, which allows attackers to overwhelm the system with fake logins, potentially disrupting normal operations or gaining unauthorized access. This could lead to a denial-of-service or unauthorized access. Update your WebSocket interface to implement rate limiting to prevent this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| chargemap | chargemap.com | All versions | – |
Original title
The WebSocket Application Programming Interface lacks restrictions on
the number of authentication requests. This absence of rate limiting may
allow an attacker to conduct denial-of-service attac...
Original description
The WebSocket Application Programming Interface lacks restrictions on
the number of authentication requests. This absence of rate limiting may
allow an attacker to conduct denial-of-service attacks by suppressing
or misrouting legitimate charger telemetry, or conduct brute-force
attacks to gain unauthorized access.
the number of authentication requests. This absence of rate limiting may
allow an attacker to conduct denial-of-service attacks by suppressing
or misrouting legitimate charger telemetry, or conduct brute-force
attacks to gain unauthorized access.
nvd CVSS3.1
9.8
nvd CVSS4.0
8.7
Vulnerability type
CWE-307
- https://chargemap.com/en-us/support Product
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-05... Third Party Advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-05 Third Party Advisory US Government Resource
Published: 27 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026