CVE-2026-50176
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk31th percentile — higher than 31% of all known CVEs
Summary
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks or brute-force attacks to gain unauthorized access.
Risk Assessment
The organization is at risk of service disruption due to DoS attacks and potential account takeover resulting from successful brute-force attacks.
Recommendation
Implement rate limiting for authentication requests on the WebSocket interface, for example by blocking IP addresses after exceeding a threshold of failed login attempts.
Original NVD description (English source)
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks or brute-force attacks to gain unauthorized access.

