CVE Catalog

CVE-2026-50176

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.39%

31th percentile — higher than 31% of all known CVEs

Summary

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks or brute-force attacks to gain unauthorized access.

Risk Assessment

The organization is at risk of service disruption due to DoS attacks and potential account takeover resulting from successful brute-force attacks.

Recommendation

Implement rate limiting for authentication requests on the WebSocket interface, for example by blocking IP addresses after exceeding a threshold of failed login attempts.

Original NVD description (English source)

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks or brute-force attacks to gain unauthorized access.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS