Skip to main content

Chargemap.Com CVE-2026-20792

HIGH
Improper Restriction of Excessive Authentication Attempts (CWE-307)
2026-02-27 ics-cert@hq.dhs.gov
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
CVE Published
Feb 27, 2026 - 00:16 nvd
HIGH 7.5

DescriptionCVE.org

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or misrouting legitimate charger telemetry, or conduct brute-force attacks to gain unauthorized access.

AnalysisAI

Chargemap.Com's WebSocket API lacks authentication rate limiting, enabling attackers to launch denial-of-service attacks that disrupt charger telemetry or conduct brute-force credential attacks against user accounts. The vulnerability affects all users of the platform and currently has no available patch. With a CVSS score of 7.5 and minimal exploit prerequisites (no authentication or user interaction required), this represents a significant availability risk.

Technical ContextAI

Classified as CWE-307 (Improper Restriction of Excessive Authentication Attempts). Affects Chargemap.Com. The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or misrouting legitimate charger telemetry, or conduct brute-force attacks to gain unauthorized access.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Share

CVE-2026-20792 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy