CVE-2026-24696
Authentication Request Rate Limiting Flaw in WebSocket API Enables DoS, Brute-Force
Publication date: 2026-03-06
Last updated on: 2026-05-06
Assigner: ICS-CERT
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| everon | api.everon.io | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-307 | The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-24696 is a vulnerability in the WebSocket Application Programming Interface (API) of a charging station platform identified as CSAFPID-0001.
The vulnerability arises because the WebSocket API does not limit the number of authentication requests an attacker can make.
This lack of rate limiting allows attackers to perform denial-of-service (DoS) attacks by suppressing or misrouting legitimate charger telemetry data.
Additionally, attackers can conduct brute-force attacks to gain unauthorized access to the system.
How can this vulnerability impact me? :
This vulnerability can impact you by enabling attackers to disrupt the availability of the charging station platform through denial-of-service attacks.
Such attacks can suppress or misroute legitimate telemetry data, potentially causing operational failures or loss of service.
Moreover, the vulnerability allows brute-force attacks that could lead to unauthorized access, compromising system security.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves the WebSocket API lacking rate limiting on authentication requests, which may be detected by monitoring for excessive or abnormal authentication attempts over the network.
Detection can involve analyzing network traffic for unusually high volumes of authentication requests to the WebSocket API endpoints, which may indicate brute-force or denial-of-service attempts.
Specific commands are not provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include minimizing network exposure of control system devices and isolating control system networks behind firewalls.
Use secure remote access methods such as updated VPNs to reduce the risk of unauthorized access.
Perform proper impact analysis and risk assessments before deploying any defensive measures.
Follow established procedures for reporting suspected malicious activity to CISA.
Note that the affected platform by Everon was shut down on December 1st, 2025, which is a key mitigation step.