Which versions of XCharge C6 are affected by CVE-2026-9038?

The XCharge C6 charging controller contains a critical memory corruption vulnerability (CVE-2026-9038, CVSS 8.6) enabling code execution with elevated privileges when attackers gain physical access…

XCharge C6 CVE-2026-9038

Q: What is the CVSS score of CVE-2026-9038?

CVE-2026-9038 has a CVSS 4.0 base score of 8.6 (High). CVSS vector: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.

EUVD-2026-33003 HIGH

Stack-based Buffer Overflow (CWE-121)

2026-05-28 icscert

Buffer Overflow Stack Overflow C6

8.6

CVSS 4.0

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Physical

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

May 28, 2026 - 20:22 vuln.today

CVSS changed

May 28, 2026 - 20:22 NVD

8.6 (HIGH)

DescriptionNVD

A stack-based buffer overflow vulnerability in the charging controller’s signal-processing logic allows an attacker with physical access to the charging interface to supply message fields that exceed expected bounds. Because the input is not sufficiently validated, memory corruption may occur, which can lead to execution of unauthorized code with elevated privileges.

AnalysisAI

Stack-based buffer overflow in the XCharge C6 charging controller's signal-processing logic enables an attacker with physical access to the charging interface to corrupt memory by sending oversized message fields, potentially gaining code execution with elevated privileges. Reported through CISA's ICS-CERT under advisory ICSA-26-148-08, the flaw carries a CVSS 4.0 score of 8.6 driven by high impact to confidentiality, integrity, and availability of both the vulnerable component and adjacent subsystems. …

RemediationAI

24 hours: Inventory all XCharge C6 charging controllers deployed in your environment and assess physical security perimeter access; restrict and monitor physical access to charging interfaces. 7 days: Implement network segmentation isolating XCharge C6 systems from critical business networks and deploy enhanced monitoring for unauthorized access or system configuration changes. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-9038 vulnerability details – vuln.today

Back

XCharge C6 CVE-2026-9038

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

XCharge C6 CVE-2026-9038

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code