CVE-2026-50176

HIGH NVD

CVSS Score 7.5

Severity HIGH

Published Jun 25, 2026

Vendor unknown

Description

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks or brute-force attacks to gain unauthorized access.

References

https://evokesystems.com/contact-us/
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-176-02.json
https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-02