CVE-2026-50176

EVoke Systems EVoke CSMS Improper Restriction of Excessive Authentication Attempts

CVSS 8.7 HIGHEPSS 0.4%CWE-307

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 8.7EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

25 jun 2026Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks or brute-force attacks to gain unauthorized access.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Productos afectados

EVoke · EVoke CSMS

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://evokesystems.com/contact-us/https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-176-02.json https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-02