VYPR
High severity7.5NVD Advisory· Published Mar 20, 2026· Updated May 6, 2026

CVE-2026-31904

CVE-2026-31904

Description

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain unauthorized access.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Ctek/Chargeportal2 versions
    cpe:2.3:a:ctek:charge_portal:-:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:ctek:charge_portal:-:*:*:*:*:*:*:*
    • (no CPE)range: All versions

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.

CVE-2026-31904 · High · VYPR