Is Stack Overflow affected by CVE-2026-22790?

EVerest electric vehicle charging infrastructure is vulnerable to remote code execution via malformed network frames, allowing attackers with adjacent network access to compromise charging systems and potentially disrupt EV charging operations or gain control of connected infrastructure.

CVE-2026-22790

EUVD-2026-16197 HIGH

2026-03-26 GitHub_M

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 26, 2026 - 15:00 euvd

EUVD-2026-16197

Analysis Generated

Mar 26, 2026 - 15:00 vuln.today

CVE Published

Mar 26, 2026 - 14:31 nvd

HIGH 8.8

Description

EVerest is an EV charging software stack. Prior to version 2026.02.0, `HomeplugMessage::setup_payload` trusts `len` after an `assert`; in release builds the check is removed, so oversized SLAC payloads are `memcpy`'d into a ~1497-byte stack buffer, corrupting the stack and enabling remote code execution from network-provided frames. Version 2026.02.0 contains a patch.

Analysis

Remote code execution vulnerability in EVerest electric vehicle charging software stack allows adjacent network attackers to execute arbitrary code by sending malformed SLAC protocol frames. EVerest-core versions prior to 2026.02.0 are affected due to a stack buffer overflow in HomeplugMessage::setup_payload that trusts an attacker-controlled length parameter in release builds. …

Remediation

Within 24 hours: Identify all systems running EVerest-core and document current versions; implement network segmentation to restrict access to charging software to trusted administrative networks only. Within 7 days: Evaluate and deploy compensating controls including disabling or restricting SLAC protocol endpoints where operationally feasible; review charging network architecture for adjacent network exposure. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +44

POC: 0

CVE-2026-22790 vulnerability details – vuln.today

Back

CVE-2026-22790

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-22790

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code