8.7
WebSocket API Allows Uncontrolled Login Attempts, Threatening Service Availability
CVE-2026-20882
Summary
An issue with the WebSocket API allows attackers to repeatedly try to log in without limits, potentially overwhelming the system and blocking legitimate users or gaining unauthorized access by trying many passwords.
Original title
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks...
Original description
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain unauthorized access.
NVD CVSS 3.1
7.5
NVD CVSS 4.0
8.7
Vulnerability type
CWE-307
Published: 6 Mar 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026