The AuthenticateMethod authentication hook is not called for WebSocket connections, allowing unauthenticated access.
This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not explicitly use WebSockets are not vulnerable.