PatchSiren cyber security CVE debrief
CVE-2026-24445 EV Energy CVE debrief
CVE-2026-24445 is a high-severity issue in EV Energy / ev.energy: the WebSocket API does not restrict the volume of authentication requests it will accept. According to CISA, that absence of rate limiting can let an attacker interfere with delivery of charger telemetry or make repeated authentication attempts in an effort to gain unauthorized access. The advisory was initially published on 2026-02-26 and includes no vendor patch or fix status; CISA notes that EV Energy did not respond to its coordination request.
- Vendor: EV Energy
- Product: Unknown
- CVSS: 7.5 HIGH (CVSS v3.1)
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-02-26
- Original CVE updated: 2026-02-26
- Advisory published: 2026-02-26
- Advisory updated: 2026-02-26
Who should care
Organizations that operate EV Energy / ev.energy products, especially the teams responsible for charger operations, telemetry integrity, authentication services, and security monitoring. SOC and platform teams should treat this as relevant wherever the WebSocket API is reachable from untrusted networks.
Technical summary
The reported weakness is a missing restriction on the number of authentication requests the WebSocket API will process, which the source corpus classifies as CWE-307 (improper restriction of excessive authentication attempts). The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H: network reachable, low attack complexity, no privileges or user interaction required, and an availability-only impact. CISA's description names two consequences: denial of service through suppression or mis-routing of legitimate charger telemetry, and brute-force attempts against authentication. Note that the second consequence is not reflected in the vector, which scores confidentiality and integrity as none; in a deployment where credential guessing over the WebSocket is realistic, the effective risk is higher than the 7.5 score alone suggests.
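To make the CWE-307 condition concrete, the following added example (not ev.energy code; the advisory does not describe the real protocol) shows an unrestricted WebSocket auth handler next to a throttled one. The `{"type": "auth", "token": ...}` message shape, the use of the client IP as the rate-limit key, and the limits (10 attempts per 60 s per source, 3 failures per socket, 5-minute lockout) are all assumptions chosen for illustration; `simulate_guessing` drives both handlers with a constructed guessing run in which the attacker reconnects for every attempt.

```python
"""Throttling WebSocket authentication messages (a CWE-307 control).

Added example, not ev.energy code: the advisory does not describe the real
protocol, so the {"type": "auth", "token": ...} message shape, the source
identifier (client IP) and the limits below are assumptions.
"""
import hmac
from collections import Counter, defaultdict, deque

VALID_TOKEN = "charger-0001-secret"   # constructed credential for the simulation


def verify_token(msg: dict) -> bool:
    """Constant-time credential check; stands in for the real verifier."""
    token = str(msg.get("token", "")).encode()
    return hmac.compare_digest(token, VALID_TOKEN.encode())


def handle_auth_unrestricted(msg: dict) -> str:
    """The weakness as described: every auth message is verified, however many arrive."""
    return "ok" if verify_token(msg) else "rejected"


class AuthThrottle:
    """Sliding-window limit per source, lockout when exhausted, failure cap per socket."""

    def __init__(self, window=60.0, max_per_window=10, max_per_conn=3, lockout=300.0):
        self.window = window
        self.max_per_window = max_per_window
        self.max_per_conn = max_per_conn
        self.lockout = lockout
        self._attempts = defaultdict(deque)     # source -> timestamps inside the window
        self._locked_until = {}                 # source -> time the lockout ends
        self._conn_failures = defaultdict(int)  # connection id -> consecutive failures

    def allow(self, source: str, now: float) -> bool:
        """True if `source` may submit an auth attempt at time `now`."""
        if self._locked_until.get(source, 0.0) > now:
            return False
        q = self._attempts[source]
        while q and now - q[0] >= self.window:  # drop attempts that left the window
            q.popleft()
        return len(q) < self.max_per_window

    def record(self, source: str, conn_id: str, success: bool, now: float) -> None:
        q = self._attempts[source]
        q.append(now)
        if success:
            self._conn_failures.pop(conn_id, None)
            return
        self._conn_failures[conn_id] += 1
        if len(q) >= self.max_per_window:       # window exhausted by failures: lock out
            self._locked_until[source] = now + self.lockout

    def should_close(self, conn_id: str) -> bool:
        return self._conn_failures[conn_id] >= self.max_per_conn


def handle_auth_throttled(throttle: AuthThrottle, source: str, conn_id: str,
                          msg: dict, now: float) -> str:
    """Hardened handler: the limiter is consulted before the credential is checked."""
    if not throttle.allow(source, now):
        return "throttled"            # not verified at all, so the guess yields no signal
    ok = verify_token(msg)
    throttle.record(source, conn_id, ok, now)
    if ok:
        return "ok"
    if throttle.should_close(conn_id):
        return "closed"               # caller tears down the socket
    return "rejected"


def simulate_guessing(throttled: bool, attempts=100, source="10.0.0.5") -> Counter:
    """Constructed run: one source reconnects per guess at 10 guesses/s; guess 50 is correct."""
    throttle = AuthThrottle()
    counts = Counter()
    for i in range(attempts):
        msg = {"type": "auth", "token": VALID_TOKEN if i == 49 else f"guess-{i}"}
        if throttled:
            outcome = handle_auth_throttled(throttle, source, f"conn-{i}", msg, now=i * 0.1)
        else:
            outcome = handle_auth_unrestricted(msg)
        counts[outcome] += 1
    return counts


if __name__ == "__main__":
    print("unrestricted:", dict(simulate_guessing(False)))
    print("throttled:   ", dict(simulate_guessing(True)))
```

The unrestricted handler lets the correct guess through on attempt 50; the throttled one stops verifying after ten failures from the same source and keeps that source locked out for the rest of the run, so the correct guess is never checked. Keying on the source rather than the socket matters because reconnecting per attempt is the obvious way around a per-connection cap.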
Defensive priority
High. Prioritize mitigation for any externally reachable WebSocket authentication endpoint, because the issue can directly affect availability and may also support repeated login attempts.
Recommended defensive actions
- Review any exposure of the ev.energy WebSocket API and restrict access to trusted clients and networks where possible.
- Add or verify rate limiting on WebSocket authentication flows, keyed per source as well as per connection, with lockout after repeated failures and anomaly detection on the resulting rejections.
- Monitor for bursts of authentication attempts, gaps in charger telemetry, and mis-routing symptoms that could indicate abuse.
- Segment and prioritize monitoring for charger telemetry paths so that a service degradation event is detected quickly.
- Consult CISA advisory ICSA-26-057-07 and the vendor contact page for current coordination or remediation updates.
- Apply the general ICS defense-in-depth guidance from the cited CISA best-practice resources while awaiting vendor guidance.
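The two monitoring items above, authentication bursts and telemetry gaps, can be checked with a short pass over gateway logs. The following added example is not ev.energy tooling; it assumes a one-JSON-object-per-line log with `event`, `ts`, `src`, `result` and `charger` fields, and the sample lines are constructed rather than captured. `auth_bursts` flags sources exceeding a failure threshold inside a sliding window, and `telemetry_gaps` flags chargers whose longest silence exceeds a multiple of the expected reporting interval, including the trailing silence up to the end of the log.

```python
"""Detection pass over constructed WebSocket gateway logs: auth bursts and telemetry gaps.

Added example, not ev.energy tooling. The log format (one JSON object per line)
and the field names are assumptions; the sample lines are constructed.
"""
import json
from collections import defaultdict, deque


def _constructed_log() -> str:
    lines = []
    # 40 failed auth attempts from one source inside 8 seconds: a burst
    for i in range(40):
        lines.append({"ts": 100.0 + i * 0.2, "event": "auth",
                      "src": "203.0.113.7", "result": "fail"})
    # two failures from another source: a normal mistyped-credential rate
    for i in range(2):
        lines.append({"ts": 120.0 + i * 30, "event": "auth",
                      "src": "198.51.100.2", "result": "fail"})
    # charger telemetry every 30 s; CH-0002 goes silent after t=300
    for t in range(0, 601, 30):
        lines.append({"ts": float(t), "event": "telemetry", "charger": "CH-0001"})
        if t <= 300:
            lines.append({"ts": float(t), "event": "telemetry", "charger": "CH-0002"})
    return "\n".join(json.dumps(e) for e in sorted(lines, key=lambda e: e["ts"]))


SAMPLE_LOG = _constructed_log()


def parse_log(text: str) -> list:
    """Parse JSON lines; callers must pass events in timestamp order."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def auth_bursts(events: list, window: float = 60.0, threshold: int = 20) -> dict:
    """Sources with at least `threshold` failed auths in any `window`-second span.

    Returns {source: peak failures seen inside one window}.
    """
    recent = defaultdict(deque)   # source -> failure timestamps inside the window
    flagged = {}
    for e in events:
        if e.get("event") != "auth" or e.get("result") != "fail":
            continue
        q = recent[e["src"]]
        q.append(e["ts"])
        while q and e["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            flagged[e["src"]] = max(flagged.get(e["src"], 0), len(q))
    return flagged


def telemetry_gaps(events: list, expected_interval: float = 30.0,
                   tolerance: int = 3, end_ts: float = None) -> dict:
    """Chargers whose longest silence exceeds tolerance * expected_interval.

    With `end_ts` set, the silence from the last report to `end_ts` also counts,
    which is what catches a charger that stopped reporting and never resumed.
    Returns {charger: longest gap in seconds}.
    """
    last = {}
    worst = defaultdict(float)
    for e in events:
        if e.get("event") != "telemetry":
            continue
        charger = e["charger"]
        if charger in last:
            worst[charger] = max(worst[charger], e["ts"] - last[charger])
        last[charger] = e["ts"]
    if end_ts is not None:
        for charger, t in last.items():
            worst[charger] = max(worst[charger], end_ts - t)
    limit = tolerance * expected_interval
    return {c: gap for c, gap in worst.items() if gap > limit}


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("auth bursts:", auth_bursts(evs))
    print("telemetry gaps:", telemetry_gaps(evs, end_ts=600.0))
```

On the constructed sample the burst detector flags only 203.0.113.7 and the gap detector flags only CH-0002, and only when the log's end time is supplied; without it a charger that simply stopped reporting looks healthy, which is the failure mode to avoid when the concern is suppressed telemetry rather than delayed telemetry.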
Evidence notes
All substantive claims in this debrief come from the supplied CISA CSAF advisory ICSA-26-057-07 and its embedded notes: the issue is a lack of restrictions on WebSocket authentication requests, the listed impacts are telemetry suppression/mis-routing and brute-force access attempts, and the advisory states EV Energy did not respond to CISA’s coordination request. The timing reflects the supplied publication and modification timestamps of 2026-02-26T07:00:00.000Z. No exploit code, proof-of-concept details, or unsupported affected-version information was used.
Official resources
- CVE-2026-24445 CVE record (CVE.org)
- CVE-2026-24445 NVD detail (NVD)
- Source item: CISA CSAF advisory ICSA-26-057-07
CISA published ICSA-26-057-07 / CVE-2026-24445 on 2026-02-26. The advisory states that EV Energy did not respond to CISA’s request for coordination, and no vendor fix is described in the supplied source corpus.