Skip to main content

Ev.Energy CVE-2026-24445

HIGH
Improper Restriction of Excessive Authentication Attempts (CWE-307)
2026-02-27 ics-cert@hq.dhs.gov
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
CVE Published
Feb 27, 2026 - 01:16 nvd
HIGH 7.5

DescriptionCVE.org

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain unauthorized access.

AnalysisAI

Ev.Energy's WebSocket API fails to implement rate limiting on authentication attempts, enabling attackers to launch denial-of-service attacks against charger telemetry systems or conduct brute-force credential attacks without restriction. This vulnerability affects all unauthenticated network-based interactions with the affected application and has no available patch at this time.

Technical ContextAI

Classified as CWE-307 (Improper Restriction of Excessive Authentication Attempts). Affects Ev.Energy. The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain unauthorized access.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Share

CVE-2026-24445 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy