Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.7
WebSockets API Fails to Limit Authentication Requests
CVE-2026-25114
Summary
A missing security feature allows hackers to overwhelm a system with too many login attempts, potentially causing legitimate users to be blocked or allowing unauthorized access to the system. This could be used to disrupt the system's normal operation or gain unauthorized access to sensitive information. To protect against this, update the system to include rate limiting on authentication requests.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| cloudcharge | cloudcharge.se | All versions | – |
Original title
The WebSocket Application Programming Interface lacks restrictions on
the number of authentication requests. This absence of rate limiting may
allow an attacker to conduct denial-of-service attac...
Original description
The WebSocket Application Programming Interface lacks restrictions on
the number of authentication requests. This absence of rate limiting may
allow an attacker to conduct denial-of-service attacks by suppressing
or mis-routing legitimate charger telemetry, or conduct brute-force
attacks to gain unauthorized access.
the number of authentication requests. This absence of rate limiting may
allow an attacker to conduct denial-of-service attacks by suppressing
or mis-routing legitimate charger telemetry, or conduct brute-force
attacks to gain unauthorized access.
nvd CVSS3.1
9.8
nvd CVSS4.0
8.7
Vulnerability type
CWE-307
- https://cloudcharge.tech/support/contact/ Product
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-05... Third Party Advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-03 Third Party Advisory US Government Resource
Published: 27 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026