Which versions of EVerest are affected by CVE-2026-27828?

Organizations using EVerest should be aware of moderate risk from CVE-2026-27828, a use-after-free vulnerability rated CVSS 5.5. Exploitation could compromise the security of affected deployments.. A patch is available.

EVerest CVE-2026-27828

Q: What is the CVSS score of CVE-2026-27828?

CVE-2026-27828 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-16228 MEDIUM

Use After Free (CWE-416)

2026-03-26 GitHub_M

Denial Of Service Use After Free Memory Corruption

5.5

CVSS 4.0

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Patch available

Apr 16, 2026 - 05:29 EUVD

2026.02.0

EUVD ID Assigned

Mar 26, 2026 - 16:45 euvd

EUVD-2026-16228

Analysis Generated

Mar 26, 2026 - 16:45 vuln.today

CVE Published

Mar 26, 2026 - 16:34 nvd

MEDIUM 5.5

DescriptionNVD

EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118_chargerImpl::handle_session_setup uses v2g_ctx after it has been freed when ISO15118 initialization fails (e.g., no IPv6 link-local address). The EVSE process can be crashed remotely by an attacker with MQTT access who issues a session_setup command while v2g_ctx has been released. Version 2026.02.0 contains a patch.

AnalysisAI

EVerest charging software stack versions prior to 2026.02.0 contain a use-after-free vulnerability in the ISO15118_chargerImpl::handle_session_setup function that crashes the EVSE process when session setup commands are issued after ISO15118 initialization failure. Remote attackers with MQTT access can trigger this denial of service condition by sending a crafted session_setup command, causing the process to reference freed memory (v2g_ctx). …

RemediationAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-27828 vulnerability details – vuln.today

Back

EVerest CVE-2026-27828

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

EVerest CVE-2026-27828

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code