CVE-2026-24696 in api.everon.io

Summary

by MITRE • 03/06/2026

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain unauthorized access.


Analysis

by VulDB Data Team • 03/12/2026

The vulnerability identified as CVE-2026-24696 resides within the WebSocket Application Programming Interface implementation, which has no control over the volume of authentication requests it will process within a given timeframe. This is a critical security gap that runs counter to established best practices for API protection: without rate limiting, malicious actors can exercise the authentication interface with no meaningful constraint on the number of attempts.

WebSocket interfaces are increasingly prevalent in modern applications, particularly in IoT environments and real-time communication systems where continuous connectivity and low-latency data exchange are essential. The lack of authentication request rate limiting in this context creates a significant attack surface that can be leveraged for multiple malicious activities. The vulnerability specifically affects the authentication phase of WebSocket connections, where clients must present valid credentials before accessing protected resources or services.

From an operational perspective, this vulnerability enables attackers to conduct systematic denial-of-service attacks by overwhelming the authentication infrastructure with excessive requests. The impact extends beyond simple service disruption as it can also suppress legitimate charger telemetry data, potentially leading to operational failures in critical systems such as electric vehicle charging networks or industrial monitoring platforms. The ability to misroute or suppress legitimate telemetry creates cascading effects that can compromise system integrity and operational reliability.

The vulnerability can be exploited through brute-force attacks, where attackers systematically attempt multiple authentication combinations to gain unauthorized access to protected resources. This exploitation method is particularly dangerous in environments where WebSocket interfaces handle sensitive operational data or control critical infrastructure components. The lack of rate limiting means that automated attack tools can rapidly iterate through credential combinations without encountering meaningful delays or blocking mechanisms.

This weakness aligns with CWE-307, which addresses inadequate protection against excessive authentication attempts, and represents a direct violation of the principle of least privilege and proper access control implementation. The vulnerability can be mapped to ATT&CK technique T1110, which covers credential access through brute force or password guessing methods. Organizations implementing WebSocket interfaces without proper rate limiting mechanisms face significant risk exposure, particularly in environments where unauthorized access could lead to physical security breaches or operational disruptions.

The recommended mitigations include implementing robust rate limiting controls that can monitor and restrict authentication request volumes based on user sessions, IP addresses, or other relevant identifiers. Additional protections should include account lockout mechanisms after failed authentication attempts, monitoring for suspicious activity patterns, and implementing adaptive security controls that can detect and respond to anomalous authentication behavior. Organizations should also consider implementing multi-factor authentication and other layered security controls to reduce the overall risk exposure associated with this vulnerability.
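As an added illustration of the first two mitigations (per-identifier rate limiting and lockout after failed attempts), the following Python sketch shows how a WebSocket server could gate authentication frames before it verifies credentials. It is example code written for this page, not code from Everon or from VulDB; the JSON frame layout (`charger_id`/`token`), the `VALID_TOKENS` store and the timing constants are constructed assumptions standing in for whatever the real API uses.

```python
"""Per-client rate limiting and lockout for WebSocket authentication frames.

Added example for the CWE-307 mitigation discussed above; it is not code from
Everon or VulDB. The auth frame format ({"charger_id": ..., "token": ...}) and
the token store are constructed stand-ins for the real API's mechanism.
"""
import hmac
import json
from collections import defaultdict, deque

# Constructed credential store: charger id -> expected token. A production
# service would verify signed tokens or salted hashes instead of plain strings.
VALID_TOKENS = {"charger-0001": "s3cret-token"}


class AuthRateLimiter:
    """Sliding-window cap on auth attempts per key (source IP, session id, ...)
    plus a temporary lockout with exponential backoff after repeated failures."""

    def __init__(self, max_attempts=5, window_s=60.0,
                 base_lockout_s=30.0, max_lockout_s=3600.0):
        self.max_attempts = max_attempts
        self.window_s = window_s
        self.base_lockout_s = base_lockout_s
        self.max_lockout_s = max_lockout_s
        self._attempts = defaultdict(deque)  # key -> timestamps of recent attempts
        self._failures = defaultdict(int)    # key -> consecutive failed attempts
        self._locked_until = {}              # key -> time at which lockout expires

    def _prune(self, key, now):
        q = self._attempts[key]
        while q and now - q[0] >= self.window_s:
            q.popleft()

    def allow(self, key, now):
        """Return (allowed, reason) without recording an attempt."""
        until = self._locked_until.get(key)
        if until is not None:
            if now < until:
                return False, "locked_out"
            del self._locked_until[key]          # lockout has expired
        self._prune(key, now)
        if len(self._attempts[key]) >= self.max_attempts:
            return False, "rate_limited"
        return True, "ok"

    def record(self, key, now, success):
        """Record an attempt; start or extend a lockout on repeated failure."""
        self._attempts[key].append(now)
        if success:
            self._failures[key] = 0
            return
        self._failures[key] += 1
        if self._failures[key] >= self.max_attempts:
            # Backoff doubles with every failure past the threshold, capped.
            exponent = self._failures[key] - self.max_attempts
            lockout = min(self.base_lockout_s * (2 ** exponent), self.max_lockout_s)
            self._locked_until[key] = now + lockout


def auth_frame(charger_id, token):
    """Build a constructed auth frame as the client would send it."""
    return json.dumps({"charger_id": charger_id, "token": token})


def handle_auth_message(limiter, client_key, raw_message, now):
    """Process one auth frame and return the server's reply as a dict.

    The limiter is consulted before any credential work so excess attempts
    cost the server almost nothing, and it is keyed on the connecting client
    (client_key) rather than the claimed charger_id, so a flood naming a real
    charger cannot lock that charger's own telemetry session out."""
    allowed, reason = limiter.allow(client_key, now)
    if not allowed:
        return {"type": "auth_error", "reason": reason}
    try:
        msg = json.loads(raw_message)
        charger_id = str(msg["charger_id"])
        token = str(msg["token"])
    except (ValueError, KeyError, TypeError):
        limiter.record(client_key, now, success=False)
        return {"type": "auth_error", "reason": "malformed"}
    expected = VALID_TOKENS.get(charger_id, "")
    # Constant-time comparison so the response time leaks nothing about the token.
    ok = hmac.compare_digest(expected.encode(), token.encode())
    limiter.record(client_key, now, success=ok)
    if not ok:
        return {"type": "auth_error", "reason": "invalid_credentials"}
    return {"type": "auth_ok", "charger_id": charger_id}


def replay_attempts(limiter, client_key, charger_id, tokens, start=0.0, step=0.1):
    """Defender-side test helper: feed a burst of frames 100 ms apart and
    return the reason string of each reply ("ok" on success)."""
    reasons = []
    for i, token in enumerate(tokens):
        reply = handle_auth_message(limiter, client_key,
                                    auth_frame(charger_id, token), start + i * step)
        reasons.append("ok" if reply["type"] == "auth_ok" else reply["reason"])
    return reasons
```

Keying on the connecting client rather than the claimed identity avoids turning the lockout itself into a denial-of-service lever against a legitimate charger; in practice a service would combine a per-source limit like this one with a much looser per-account ceiling and with the monitoring the analysis recommends, since a single per-IP counter is weak against distributed sources.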

Responsible

ICS-CERT

Reservation

02/25/2026

Disclosure

03/06/2026

Moderation

accepted

CPE

ready

EPSS

0.00087

KEV

no

Activities

very low

Sources
