Cyber Resilience

CVE-2026-20792

High

Published: 27 February 2026

Published
27 February 2026
Modified
05 March 2026
KEV Added
Patch
CVSS Score v4 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0048 37.5th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-20792 is a high-severity Improper Restriction of Excessive Authentication Attempts (CWE-307) vulnerability in Chargemap Chargemap.Com. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Brute Force (T1110); ranked at the 37.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-7 (Unsuccessful Logon Attempts) and SC-5 (Denial-of-service Protection).

Deeper analysis

CVE-2026-20792 is a vulnerability in the WebSocket Application Programming Interface that lacks restrictions on the number of authentication requests due to the absence of rate limiting. Published on 2026-02-27, it is associated with systems handling charger telemetry and is documented in CISA's ICS advisory ICSA-26-057-05, ChargeMap support resources, and related CSAF files. The issue corresponds to CWE-307 (Improper Restriction of Excessive Authentication Attempts) and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Remote attackers require no privileges or user interaction and can exploit the vulnerability over the network with low attack complexity. Successful exploitation enables denial-of-service attacks by suppressing or misrouting legitimate charger telemetry data, or brute-force attacks to gain unauthorized access to the system.

Mitigation details are provided in the referenced advisories, including CISA's ICSA-26-057-05 at https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-05, the corresponding CSAF JSON file at https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-05.json, and ChargeMap support at https://chargemap.com/en-us/support.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or misrouting legitimate charger telemetry, or conduct brute-force attacks to gain unauthorized…

more

access.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1110 Brute Force Credential Access
Adversaries may use brute force techniques to gain access to accounts when passwords are unknown or when password hashes are obtained.
T1499 Endpoint Denial of Service Impact
Adversaries may perform Endpoint Denial of Service (DoS) attacks to degrade or block the availability of services to users.
Why these techniques?

Missing rate limiting on auth requests directly enables brute-force credential access (T1110) and DoS via request flooding on the service endpoint (T1499).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-20791Same product: Chargemap Chargemap.Com
CVE-2026-25851Same product: Chargemap Chargemap.Com
CVE-2026-25711Same product: Chargemap Chargemap.Com
CVE-2026-24445Shared CWE-307
CVE-2026-26305Shared CWE-307
CVE-2026-25945Shared CWE-307
CVE-2026-45364Shared CWE-307
CVE-2025-69246Shared CWE-307
CVE-2026-45010Shared CWE-307
CVE-2026-22278Shared CWE-307

Affected Assets

chargemap
chargemap.com
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

AC-7 enforces limits and lockouts on unsuccessful logon attempts, directly preventing brute-force attacks and resource exhaustion from unlimited authentication requests in the WebSocket API.

prevent

SC-5 implements denial-of-service protections like rate limiting, mitigating suppression or misrouting of legitimate charger telemetry via excessive authentication requests.

detect

SI-4 monitors the system for indicators of excessive authentication attempts, enabling detection of brute-force or DoS exploitation in progress.

References