PT-2026-22265 · Unknown · Websocket Application Programming Interface

Khaled Sarieddine

Publicado

2026-02-27

Atualizado

2026-03-04

CVE-2026-26305

CVSS v4.0

8.7

Alta

Vetor

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions WebSocket Application Programming Interface (affected versions not specified)

Description The WebSocket Application Programming Interface does not limit the number of authentication requests. This lack of rate limiting could enable an attacker to perform denial-of-service attacks by suppressing or misrouting legitimate charger telemetry. It may also allow attackers to conduct brute-force attacks to gain unauthorized access. The API endpoints are susceptible to abuse due to the absence of request restrictions. The authentication process is vulnerable to brute-force attempts.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Improper Restriction of Excessive Authentication Attempts

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-307

Identificadores relacionados

CVE-2026-26305

Produtos afetados

Websocket Application Programming Interface

PT-2026-22265 · Unknown · Websocket Application Programming Interface

CVE-2026-26305

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10