PT-2026-23712 · Unknown · Websocket Application Programming Interface

Published

2026-03-06

Updated

2026-05-05

CVE-2026-20882

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions WebSocket Application Programming Interface (affected versions not specified)

Description The WebSocket Application Programming Interface does not restrict the number of authentication requests. This lack of rate limiting could enable an attacker to perform denial-of-service attacks by disrupting legitimate charger telemetry or conducting brute-force attacks to gain unauthorized access. The API endpoint is vulnerable to abuse due to the absence of authentication request limitations.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Improper Restriction of Excessive Authentication Attempts

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-307

Related Identifiers

CVE-2026-20882

Affected Products

Websocket Application Programming Interface

PT-2026-23712 · Unknown · Websocket Application Programming Interface

CVE-2026-20882

Weakness Enumeration

Related Identifiers

Affected Products

References · 6