WebSocket API Vulnerability in E-Power Products
CVE-2026-27778

8.7HIGH

Key Information:

Vendor: Epower
Status: Epower.ie
Vendor: CVE Published:; 5 March 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2026-27778?

The WebSocket Application Programming Interface in E-Power systems is vulnerable due to a lack of restrictions on the number of authentication requests. This vulnerability can be exploited by attackers to perform denial-of-service attacks, which may disrupt legitimate charger telemetry. Additionally, the absence of proper rate limiting allows for potential brute-force attacks, enabling unauthorized access to sensitive systems and data.

Affected Version(s)

epower.ie All versions

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

PoC-Simulator_CVE-2026-27778
Created by KimJ6

References

https://epower.ie/support/

https://www.cisa.gov/news-events/ics-advisories/icsa-26-0...

https://github.com/cisagov/CSAF/blob/develop/csaf_files/O...

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
May 4, 2026
👾
Exploit known to exist
May 4, 2026
Vulnerability published
Mar 5, 2026
Vulnerability Reserved
Feb 24, 2026

Credit

Khaled Sarieddine and Mohammad Ali Sayed reported this vulnerability to CISA.

CVE-2026-27778 Data

JSON

Epower

Badges

What is CVE-2026-27778?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V4

Timeline

Credit