CVE-2026-20792

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or misrouting legitimate charger telemetry, or conduct brute-force attacks to gain unauthorized access.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://chargemap.com/en-us/support	Product
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-05.json	Third Party Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-05	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:chargemap:chargemap.com:*:*:*:*:*:*:*:*

History

02 Mar 2026, 18:31

Type	Values Removed	Values Added
References	~~() https://chargemap.com/en-us/support -~~	() https://chargemap.com/en-us/support - Product
References	~~() https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-05.json -~~	() https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-05.json - Third Party Advisory
References	~~() https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-05 -~~	() https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-05 - Third Party Advisory, US Government Resource
First Time		Chargemap chargemap.com Chargemap
CPE		cpe:2.3:a:chargemap:chargemap.com::::::::

27 Feb 2026, 14:06

Type	Values Removed	Values Added
Summary		(es) La Interfaz de Programación de Aplicaciones WebSocket carece de restricciones sobre el número de solicitudes de autenticación. Esta ausencia de limitación de velocidad puede permitir a un atacante llevar a cabo ataques de denegación de servicio al suprimir o redirigir erróneamente la telemetría legítima del cargador, o realizar ataques de fuerza bruta para obtener acceso no autorizado.

27 Feb 2026, 00:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-27 00:16

Updated : 2026-03-05 20:16

NVD link : CVE-2026-20792

Mitre link : CVE-2026-20792

CVE.ORG link : CVE-2026-20792

JSON object : View

Products Affected

chargemap

chargemap.com

CWE

CWE-307

Improper Restriction of Excessive Authentication Attempts

7.5 /10