Severity by source
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionGitHub Advisory
EVerest is an EV charging software stack. Prior to version 2026.02.0, an off-by-one check in IsoMux certificate filename handling causes a stack-based buffer overflow when a filename length equals MAX_FILE_NAME_LENGTH (100). A crafted filename in the certificate directory can overflow file_names[idx], corrupting stack state and enabling potential code execution. Version 2026.02.0 contains a patch.
AnalysisAI
Stack-based buffer overflow in EVerest EV charging software stack enables local code execution when processing certificate filenames of exactly 100 characters due to off-by-one boundary check error in IsoMux component. EVerest-core versions prior to 2026.02.0 are affected (CPE cpe:2.3:a:everest:everest-core). …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Local attacker must place a crafted certificate file with exactly 100-character filename in EVerest's certificate directory on affected systems running versions prior to 2026.02.0. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS base score of 8.4 reflects high severity, with the vector CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H indicating local attack vector, low complexity, no privileges required, and high impact across confidentiality, integrity, and availability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with local filesystem access to the EV charging system places a specially crafted certificate file with a filename of exactly 100 characters in the certificate directory monitored by the IsoMux component. When EVerest processes this certificate during initialization or certificate refresh operations, the off-by-one check fails to reject the oversized filename, triggering a stack buffer overflow that overwrites return addresses or function pointers with attacker-controlled data, enabling arbitrary code execution with the privileges of the EVerest process. … |
| Remediation | Upgrade EVerest everest-core to version 2026.02.0 or later, which contains a patch addressing the off-by-one boundary check error (vendor-released patch: version 2026.02.0). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all EV charging systems running EVerest-core versions prior to 2026.02.0 using vulnerability scanning or asset inventory review. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Everest Core
View allRemote code execution vulnerability in EVerest electric vehicle charging software stack allows adjacent network attacker
Stack-based buffer overflow in EVerest EV charging software allows unauthenticated local attackers to execute arbitrary
Concurrent access to shared memory in EVerest EV charging software (versions prior to 2026.02.0) enables remote attacker
Out-of-bounds vector access in EVerest EV charging software (everest-core versions before 2026.02.0) enables remote unau
Concurrent access to an internal event queue in EVerest-core (EV charging software stack) enables remote attackers to co
EVerest charging software stack versions prior to 2026.02.0 suffer from a data race condition in queue/deque handling tr
EVerest charging software stack versions prior to 2026.02.0 contain a use-after-free vulnerability in the ISO15118_charg
EVerest-Core prior to version 2026.02.0 contains an out-of-bounds write vulnerability in the ISO15118_chargerImpl::handl
Out-of-bounds memory writes in EVerest charging software stack versions prior to 2026.02.0 allow local attackers to corr
EVerest charging software stack versions prior to 2026.02.0 contain a data race condition leading to use-after-free memo
EVerest charging software stack versions prior to 2026.02.0 allow EV operators to bypass remote stop commands issued by
EVerest-core prior to version 2026.02.0 fails to properly terminate EV charging transactions during remote stop operatio
Same weakness CWE-193 – Off-by-one Error
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-16173