WebSocket API Vulnerability in EV2Go Products
CVE-2026-25945

8.7HIGH

Key Information:

Vendor: Ev2go
Status: Ev2go.io
Vendor: CVE Published:; 26 February 2026

What is CVE-2026-25945?

The WebSocket Application Programming Interface utilized by EV2Go is vulnerable due to a lack of restrictions on the volume of authentication requests. This vulnerability permits attackers to potentially execute denial-of-service attacks, disrupting or misdirecting legitimate telemetry data. Additionally, it opens the door for brute-force attacks aimed at unauthorized access. Organizations using this API should implement thorough security measures to mitigate these risks.

Affected Version(s)

ev2go.io All versions

References

https://ev2go.io/

https://www.cisa.gov/news-events/ics-advisories/icsa-26-0...

https://github.com/cisagov/CSAF/blob/develop/csaf_files/O...

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 26, 2026
Vulnerability Reserved
Feb 23, 2026

Credit

Khaled Sarieddine and Mohammad Ali Sayed reported this vulnerability to CISA.

CVE-2026-25945 Data

JSON

Ev2go

What is CVE-2026-25945?

Affected Version(s)

References

CVSS V4

Timeline

Credit