PT-2026-22265 · Unknown · Websocket Application Programming Interface

Khaled Sarieddine

Published

2026-02-27

Updated

2026-03-04

CVE-2026-26305

CVSS v4.0

8.7

High

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions WebSocket Application Programming Interface (affected versions not specified)

Description The WebSocket Application Programming Interface does not limit the number of authentication requests. This lack of rate limiting could enable an attacker to perform denial-of-service attacks by suppressing or misrouting legitimate charger telemetry. It may also allow attackers to conduct brute-force attacks to gain unauthorized access. The API endpoints are susceptible to abuse due to the absence of request restrictions. The authentication process is vulnerable to brute-force attempts.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Improper Restriction of Excessive Authentication Attempts

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-307

Related Identifiers

CVE-2026-26305

Affected Products

Websocket Application Programming Interface

PT-2026-22265 · Unknown · Websocket Application Programming Interface

CVE-2026-26305

Weakness Enumeration

Related Identifiers

Affected Products

References · 10