Denial-of-Service Vulnerability in CloudCharge WebSocket API
CVE-2026-25114

8.7HIGH

Key Information:

Vendor: Cloudcharge
Status: Cloudcharge.se
Vendor: CVE Published:; 26 February 2026

🔔 Create Cloudcharge Vulnerability Alert

What is CVE-2026-25114?

A vulnerability exists in the CloudCharge WebSocket Application Programming Interface due to insufficient rate limiting on authentication requests. This allows attackers to overwhelm the system, potentially leading to a denial-of-service condition where legitimate requests are suppressed or mis-routed. Moreover, the lack of restrictions enables brute-force attacks aimed at unauthorized access to sensitive telemetry data, posing a significant security threat.

Affected Version(s)

cloudcharge.se All versions

References

https://cloudcharge.tech/support/contact/

https://www.cisa.gov/news-events/ics-advisories/icsa-26-0...

https://github.com/cisagov/CSAF/blob/develop/csaf_files/O...

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 26, 2026
Vulnerability Reserved
Feb 24, 2026

Credit

Khaled Sarieddine and Mohammad Ali Sayed reported this vulnerability to CISA.

CVE-2026-25114 Data

JSON