PT-2026-22217 · Unknown · Websocket Application Programming Interface
Khaled Sarieddine
+1
·
Published
2026-02-26
·
Updated
2026-03-04
·
CVE-2026-20792
CVSS v4.0
8.7
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
WebSocket Application Programming Interface (affected versions not specified)
Description
The WebSocket Application Programming Interface does not restrict the number of authentication requests. This lack of rate limiting could enable an attacker to perform denial-of-service attacks by suppressing or misrouting legitimate charger telemetry, or to conduct brute-force attacks to gain unauthorized access. The API endpoints are susceptible to abuse due to the absence of rate limiting on authentication requests. The vulnerable parameter is the authentication request itself.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
DoS
Improper Restriction of Excessive Authentication Attempts
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Websocket Application Programming Interface