Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionGitHub Advisory
EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118_chargerImpl::handle_update_energy_transfer_modes copies a variable-length list into a fixed-size array of length 6 without bounds checking. With schema validation disabled by default, oversized MQTT Cmd payloads can trigger out-of-bounds writes and corrupt adjacent EVSE state or crash the process. Version 2026.02.0 contains a patch.
AnalysisAI
EVerest-Core prior to version 2026.02.0 contains an out-of-bounds write vulnerability in the ISO15118_chargerImpl::handle_update_energy_transfer_modes function, where variable-length MQTT command payloads are copied into a fixed-size 6-element array without bounds checking. When schema validation is disabled by default, oversized payloads trigger memory corruption that can crash the EV charging service or corrupt adjacent EVSE (Electric Vehicle Supply Equipment) state, affecting the integrity and availability of EV charging infrastructure. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Vulnerability AssessmentAI
| Risk Assessment | The CVSS v4.0 base score of 5.5 with vector AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N indicates local attack vector with low complexity, no privileges or user interaction required, resulting in high availability impact (service crash) but no direct confidentiality or integrity compromise of other security domains. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with network access to an EVerest-Core MQTT broker (or who has compromised a legitimate MQTT client) crafts an oversized energy_transfer_modes list payload in an ISO15118 Cmd message containing more than 6 mode entries. When the charger processes this message with schema validation disabled, the handle_update_energy_transfer_modes function copies the entire list into the fixed 6-element array, overwriting adjacent EVSE state variables in memory. … |
| Remediation | Upgrade EVerest-Core to version 2026.02.0 or later, which contains the patch for the out-of-bounds write vulnerability. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Everest Core
View allRemote code execution vulnerability in EVerest electric vehicle charging software stack allows adjacent network attacker
Stack-based buffer overflow in EVerest EV charging software allows unauthenticated local attackers to execute arbitrary
Stack-based buffer overflow in EVerest EV charging software stack enables local code execution when processing certifica
Concurrent access to shared memory in EVerest EV charging software (versions prior to 2026.02.0) enables remote attacker
Out-of-bounds vector access in EVerest EV charging software (everest-core versions before 2026.02.0) enables remote unau
Concurrent access to an internal event queue in EVerest-core (EV charging software stack) enables remote attackers to co
EVerest charging software stack versions prior to 2026.02.0 suffer from a data race condition in queue/deque handling tr
EVerest charging software stack versions prior to 2026.02.0 contain a use-after-free vulnerability in the ISO15118_charg
Out-of-bounds memory writes in EVerest charging software stack versions prior to 2026.02.0 allow local attackers to corr
EVerest charging software stack versions prior to 2026.02.0 contain a data race condition leading to use-after-free memo
EVerest charging software stack versions prior to 2026.02.0 allow EV operators to bypass remote stop commands issued by
EVerest-core prior to version 2026.02.0 fails to properly terminate EV charging transactions during remote stop operatio
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-16226