Primary

Context

Mobility46 WebSocket API Rate Limiting Vulnerability Allowing Denial-of-Service and Brute-Force Attacks

Vulnerability

A vulnerability exists in the WebSocket Application Programming Interface of Mobility46 charging station management software, all versions. The issue arises from a lack of rate limiting on authentication requests, which could enable an attacker to launch denial-of-service attacks by disrupting legitimate charger telemetry or to conduct brute-force attacks to gain unauthorized access.

Impact

Exploitation of this vulnerability could lead to unauthorized administrative control over affected charging stations or cause disruptions in charging services through denial-of-service attacks.

Remediation

Mobility46 has not responded to CISA's request for coordination. For more information, contact Mobility46 via their contact page.

Added: Feb 27, 2026, 1:20 AM

Updated: Feb 27, 2026, 1:20 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

7.4

remediation

0.0

relevance

3.3

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

7.4

remediation

0.0

relevance

3.3

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Mobility46 WebSocket API Rate Limiting Vulnerability Allowing Denial-of-Service and Brute-Force Attacks

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating