EV Energy WebSocket API Rate Limiting Vulnerability Allowing Denial-of-Service and Brute-Force Attacks
Vulnerability
A vulnerability exists in the WebSocket API of EV Energy's charging management platform: authentication requests are not rate limited. This flaw could enable denial-of-service attacks by disrupting or misdirecting legitimate charger telemetry. Additionally, it could facilitate brute-force attacks to gain unauthorized access. The vulnerability affects all versions of EV Energy's platform.
Impact
Exploitation of this vulnerability could lead to unauthorized administrative control over affected charging stations or cause disruptions in charging services, similar to the impacts described in the advisory for CVE-2026-25774.
Remediation
EV Energy did not respond to CISA's request for coordination. Contact EV Energy using their contact page for more information.
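The missing control, sketched as an added example (not EV Energy's code and not from the advisory): a sliding-window limiter for failed authentication attempts with doubling lockouts, which a WebSocket front end or proxy could consult before checking credentials. The class name, the thresholds, and the choice to key on both source address and claimed charger identity are assumptions.

```python
import time
from collections import defaultdict, deque


class AuthAttemptLimiter:
    """Sliding-window limiter for failed authentication attempts.

    Failures are counted per source address and per claimed identity, so
    neither one noisy source nor many sources guessing one identity go
    unthrottled. All thresholds are illustrative assumptions.
    """

    def __init__(self, max_failures=5, window=60.0, base_lockout=30.0,
                 max_lockout=900.0, clock=time.monotonic):
        self.max_failures, self.window = max_failures, window
        self.base_lockout, self.max_lockout = base_lockout, max_lockout
        self.clock = clock                   # injectable for testing
        self._failures = defaultdict(deque)  # key -> failure timestamps
        self._strikes = defaultdict(int)     # key -> lockouts so far
        self._locked_until = {}              # key -> unlock time

    @staticmethod
    def _keys(source, identity):
        return (("src", source), ("id", identity))

    def retry_after(self, source, identity):
        """Seconds the caller must wait; 0.0 means the attempt may proceed."""
        now = self.clock()
        return max(max(0.0, self._locked_until.get(k, 0.0) - now)
                   for k in self._keys(source, identity))

    def record_failure(self, source, identity):
        now = self.clock()
        for key in self._keys(source, identity):
            q = self._failures[key]
            q.append(now)
            while q[0] <= now - self.window:   # drop failures outside the window
                q.popleft()
            if len(q) >= self.max_failures:
                self._strikes[key] += 1        # each repeat lockout doubles
                lock = min(self.base_lockout * 2 ** (self._strikes[key] - 1),
                           self.max_lockout)
                self._locked_until[key] = now + lock
                q.clear()

    def record_success(self, source, identity):
        # Reset only the identity; the source keeps its history so one valid
        # login cannot erase a run of failures against other identities.
        for table in (self._failures, self._strikes, self._locked_until):
            table.pop(("id", identity), None)
```

Call `retry_after` on every authentication message and reject without evaluating credentials when it returns a non-zero value. Keep the per-identity lockout short, since failures against an identity can be generated by anyone who knows its name.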
