CVE-2026-20882

HIGH 7.5

Mobiliti e-mobi.hu Improper Restriction of Excessive Authentication Attempts

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

0th

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain unauthorized access.

CWE	CWE-307
Vendor	mobiliti
Product	e-mobi.hu
Published	Mar 6, 2026
Last Updated	Mar 10, 2026

Stay Ahead of the Next One

Get instant alerts for mobiliti e-mobi.hu

Be the first to know when new high vulnerabilities affecting mobiliti e-mobi.hu are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Affected Versions

Mobiliti / e-mobi.hu

All versions

References

NVD ↗ CVE.org ↗ EPSS Data ↗

mobiliti.hu: https://mobiliti.hu/emobilitas/ugyfeltamogatas/ugyfelszolgalat cisa.gov: https://www.cisa.gov/news-events/ics-advisories/icsa-26-062-06 github.com: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-062-06.json

Credits

Khaled Sarieddine and Mohammad Ali Sayed reported this vulnerability to CISA.