CVE-2026-50176
Deferred
Deferred - Pending Action
WebSocket API Authentication Rate Limiting Bypass
Vulnerability report for CVE-2026-50176, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-06-25
Last updated on: 2026-06-26
Assigner: ICS-CERT
Description
Description
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks or brute-force attacks to gain unauthorized access.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| evoke | charging_station_management_system | * |
| evoke | electric_vehicle_supply_equipment | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-307 | The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame. |