8.7
Unlimited Auth Requests Allow Denial-of-Service or Unauthorized Access on WebSocket App
CVE-2026-24696
Summary
The WebSocket API does not limit how many authentication requests it accepts. An attacker could flood it with requests to disrupt normal operation, or brute-force credentials to gain unauthorized access. Either outcome affects the reliability or the security of the system. To mitigate this, consider implementing rate limiting on authentication requests.
Original title
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks...
Original description
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain unauthorized access.
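One way to apply the rate limiting named in the summary, shown as an added example that is not code from the affected product or from the advisory. The names `AuthThrottle` and `handle_auth`, the thresholds, and the choice to count attempts per peer address and per claimed identity are assumptions.

```python
import time
from collections import defaultdict, deque

class AuthThrottle:
    """Sliding-window limit on authentication attempts, tracked per key."""

    def __init__(self, max_attempts=5, window=60.0, lockout=300.0):
        self.max_attempts = max_attempts      # attempts allowed per window (assumed value)
        self.window = window                  # window length in seconds (assumed value)
        self.lockout = lockout                # lockout length in seconds (assumed value)
        self._attempts = defaultdict(deque)   # key -> timestamps of recent attempts
        self._locked_until = {}               # key -> time at which the lockout ends

    def allow(self, key, now=None):
        """Count one attempt for key; return False if it must be rejected."""
        now = time.monotonic() if now is None else now
        if self._locked_until.get(key, 0.0) > now:
            return False                      # still locked out, attempt not processed
        self._locked_until.pop(key, None)
        recent = self._attempts[key]
        while recent and now - recent[0] >= self.window:
            recent.popleft()                  # forget attempts older than the window
        if len(recent) >= self.max_attempts:
            self._locked_until[key] = now + self.lockout
            recent.clear()
            return False
        recent.append(now)
        return True

    def reset(self, key):
        """Clear the counters for key after a successful authentication."""
        self._attempts.pop(key, None)
        self._locked_until.pop(key, None)

def handle_auth(throttle, peer_addr, claimed_id, credential_ok, now=None):
    """Gate one WebSocket auth message; returns 'ok', 'denied' or 'throttled'."""
    # Evaluate both keys without short-circuiting so each counter sees the attempt:
    # per-address stops a single flooding source, per-identity stops guessing
    # against one account from many sources.
    by_addr = throttle.allow(("addr", peer_addr), now)
    by_id = throttle.allow(("id", claimed_id), now)
    if not (by_addr and by_id):
        return "throttled"                    # credential check is never reached
    if credential_ok():
        throttle.reset(("id", claimed_id))    # keep the address counter running
        return "ok"
    return "denied"
```

A deployed limiter also has to evict idle keys, otherwise the tracking tables themselves grow without bound under a flood.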
NVD CVSS 3.1
7.5
NVD CVSS 4.0
8.7
Vulnerability type
CWE-307
Published: 6 Mar 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026