8.7
Unrestricted Authentication Requests in WebSocket API May Enable Denial-of-Service Attacks
CVE-2026-27778
Summary
The WebSocket API in [affected software] does not limit the number of authentication requests, which allows attackers to flood the system with fake requests and either disrupt access for legitimate users or gain unauthorized access. This can prevent authorized users from accessing the system, or give an attacker unauthorized access to sensitive information. To address this issue, consider implementing rate limiting on authentication requests or using additional security measures to prevent abuse.
Original title
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks...
Original description
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain unauthorized access.
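One way to implement the rate limiting the summary recommends, as an added example that is not code from the affected product or its vendor: failed authentication attempts are counted per source address and per claimed identity, with a lockout that doubles on each repeat. The class name, method names and thresholds are assumptions chosen for illustration.

```python
import time
from collections import defaultdict, deque


class AuthAttemptLimiter:
    """Hypothetical helper: limits failed WebSocket auth attempts (CWE-307).

    Thresholds are illustrative defaults, not values from any product.
    """

    def __init__(self, max_failures=5, window=60.0, base_lockout=30.0,
                 max_lockout=3600.0, clock=time.monotonic):
        self.max_failures, self.window = max_failures, window
        self.base_lockout, self.max_lockout = base_lockout, max_lockout
        self.clock = clock
        self._failures = defaultdict(deque)  # key -> timestamps of recent failures
        self._locked_until = {}              # key -> time the lockout ends
        self._strikes = defaultdict(int)     # key -> lockouts so far (drives backoff)

    def _keys(self, remote_addr, identity):
        # Source address and claimed identity are tracked separately, so the
        # limit applies both to one source trying many identities and to many
        # sources trying one identity.
        return (("addr", remote_addr), ("id", identity))

    def allowed(self, remote_addr, identity):
        """Call before verifying credentials; False means reject unchecked."""
        now = self.clock()
        return all(self._locked_until.get(k, 0.0) <= now
                   for k in self._keys(remote_addr, identity))

    def record_failure(self, remote_addr, identity):
        now = self.clock()
        for k in self._keys(remote_addr, identity):
            q = self._failures[k]
            q.append(now)
            while q and q[0] <= now - self.window:  # drop failures outside window
                q.popleft()
            if len(q) >= self.max_failures:
                self._strikes[k] += 1
                lockout = min(self.base_lockout * 2 ** (self._strikes[k] - 1),
                              self.max_lockout)
                self._locked_until[k] = now + lockout
                q.clear()

    def record_success(self, remote_addr, identity):
        # Clear only the identity's history: one valid login must not reset
        # the counter of an address that is still failing on other identities.
        k = ("id", identity)
        for table in (self._failures, self._strikes, self._locked_until):
            table.pop(k, None)
```

A per-identity lockout can itself keep a legitimate client out while someone else keeps failing against its identity, so the identity threshold and lockout length need tuning against that trade-off.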
nvd CVSS3.1
7.5
nvd CVSS4.0
8.7
Vulnerability type
CWE-307
Published: 6 Mar 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026