PT-2026-22217 · Unknown · Websocket Application Programming Interface

Khaled Sarieddine

Publicado

2026-02-26

Atualizado

2026-03-04

CVE-2026-20792

CVSS v4.0

8.7

Alta

Vetor

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions WebSocket Application Programming Interface (affected versions not specified)

Description The WebSocket Application Programming Interface does not restrict the number of authentication requests. This lack of rate limiting could enable an attacker to perform denial-of-service attacks by suppressing or misrouting legitimate charger telemetry, or to conduct brute-force attacks to gain unauthorized access. The API endpoints are susceptible to abuse due to the absence of rate limiting on authentication requests. The vulnerable parameter is the authentication request itself.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Improper Restriction of Excessive Authentication Attempts

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-307

Identificadores relacionados

CVE-2026-20792

Produtos afetados

Websocket Application Programming Interface

PT-2026-22217 · Unknown · Websocket Application Programming Interface

CVE-2026-20792

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8