CVE-2026-25945NVD

Vulnerability Summary

The WebSocket Application Programming Interface lacks restrictions on
the number of authentication requests. This absence of rate limiting may
allow an attacker to conduct denial-of-service attacks by suppressing
or mis-routing legitimate charger telemetry, or conduct brute-force
attacks to gain unauthorized access.

Severity Level

HIGH(7.5)

Published Date

Feb 27, 2026

Last Modified

Feb 27, 2026

Exploitation Status

????

EPSS Score (30-Day)

0.09%Probability

Root Weakness (CWE)

CWE-307: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeUnchanged

ConfidentialityNone

IntegrityNone

AvailabilityHigh

External References

https://ev2go.io/
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-04.json
https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-04

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2026-25945NVD

Vulnerability Summary

External References