{"vulnerability": "CVE-2026-41893", "sightings": [{"uuid": "a126b841-66f9-469e-af9d-19002533b5aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-41893", "type": "published-proof-of-concept", "source": "https://github.com/SignalK/signalk-server/security/advisories/GHSA-vmfm-ch9h-5c7g", "content": "", "creation_timestamp": "2026-04-23T17:45:50.000000Z"}, {"uuid": "3d5ab42b-74b2-4fb2-b680-c323592bb275", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41893", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116549813973032624", "content": "\ud83d\udee1\ufe0f HIGH severity in SignalK signalk-server <2.25.0 (CVE-2026-41893): WebSocket login bypasses rate limits, enabling fast brute force attacks. Patch to 2.25.0+ ASAP. Details: https://radar.offseq.com/threat/cve-2026-41893-cwe-307-improper-restriction-of-exc-a656937b #OffSeq #infosec #vuln #bruteforce", "creation_timestamp": "2026-05-10T10:30:27.621952Z"}, {"uuid": "677a5b80-0a61-403d-aadc-1917581ad32b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41893", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mlikjaceor2p", "content": "SignalK signalk-server <2.25.0 has a HIGH severity flaw: attackers can brute force passwords via WebSocket with no rate limit. Upgrade to 2.25.0+ to stay protected. \ud83d\udd12 https://radar.offseq.com/threat/cve-2026-41893-cwe-307-improper-restriction-of-exc-a656937b #OffSeq #cybersecurity #vuln", "creation_timestamp": "2026-05-10T10:30:29.331059Z"}, {"uuid": "b257e4ff-a794-42da-b55b-4fae1a54ad39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41893", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlh66esqzt2e", "content": "CVE-2026-41893 - Signal K Server's WebSocket Login Endpoint Lacks Rate Limiting (Credential Brute-Force)\nCVE ID : CVE-2026-41893\n \n Published : May 9, 2026, 8:16 p.m. | 33\u00a0minutes ago\n \n Description : Signal K Server is a server application that runs on a central hub in a boat...", "creation_timestamp": "2026-05-09T21:17:00.057280Z"}]}