Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.7
Unlimited Authentication Requests in WebSocket API
CVE-2026-24445
Summary
An attacker can overwhelm the system with login attempts, potentially blocking access for legitimate users or gaining unauthorized access. This exposes sensitive data and disrupts normal service. Update the WebSocket API to add rate limiting controls.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| ev.energy | ev.energy | All versions | – |
Original title
The WebSocket Application Programming Interface lacks restrictions on
the number of authentication requests. This absence of rate limiting may
allow an attacker to conduct denial-of-service attac...
Original description
The WebSocket Application Programming Interface lacks restrictions on
the number of authentication requests. This absence of rate limiting may
allow an attacker to conduct denial-of-service attacks by suppressing
or mis-routing legitimate charger telemetry, or conduct brute-force
attacks to gain unauthorized access.
the number of authentication requests. This absence of rate limiting may
allow an attacker to conduct denial-of-service attacks by suppressing
or mis-routing legitimate charger telemetry, or conduct brute-force
attacks to gain unauthorized access.
nvd CVSS3.1
9.8
nvd CVSS4.0
8.7
Vulnerability type
CWE-307
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-05... Third Party Advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-07 Third Party Advisory US Government Resource
- https://www.ev.energy/en-us Product
Published: 27 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026