Everest Core | EUVD-2026-16173

CVE-2026-22593 HIGH
Off-by-one Error (CWE-193)
2026-03-26 GitHub_M
8.4
CVSS 3.1 · GitHub Advisory
Severity by source

GitHub Advisory PRIMARY
8.4 HIGH
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS Vector (GitHub Advisory)

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

Lifecycle Timeline (6 events)

  • Analysis Updated: Apr 16, 2026 - 06:13, EUVD-patch-fix (executive_summary)
  • Re-analysis Queued: Apr 16, 2026 - 05:29, backfill_euvd_patch (patch_released)
  • Patch available: Apr 16, 2026 - 05:29, EUVD (2026.02.0)
  • EUVD ID Assigned: Mar 26, 2026 - 14:30, euvd (EUVD-2026-16173)
  • Analysis Generated: Mar 26, 2026 - 14:30, vuln.today
  • CVE Published: Mar 26, 2026 - 13:49, nvd (HIGH 8.4)

Description (GitHub Advisory)

EVerest is an EV charging software stack. Prior to version 2026.02.0, an off-by-one check in IsoMux certificate filename handling causes a stack-based buffer overflow when a filename length equals MAX_FILE_NAME_LENGTH (100). A crafted filename in the certificate directory can overflow file_names[idx], corrupting stack state and enabling potential code execution. Version 2026.02.0 contains a patch.
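Added illustration, not EVerest source code: the boundary condition described above, with the off-by-one comparison beside the corrected one and a store routine that cannot write past a slot. Only MAX_FILE_NAME_LENGTH (100) and the file_names name come from the advisory; the shape of the faulty check, MAX_FILES and every function name are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define MAX_FILE_NAME_LENGTH 100 /* value stated in the advisory */
#define MAX_FILES 4              /* assumed slot count for this sketch */

/* Off-by-one form (assumed shape): only names longer than the slot are
 * rejected, so a 100-character name passes although it needs 101 bytes. */
static int accepts_off_by_one(size_t len) { return len <= MAX_FILE_NAME_LENGTH; }

/* Corrected form: the terminating NUL must fit inside the slot as well. */
static int accepts_fixed(size_t len) { return len < MAX_FILE_NAME_LENGTH; }

/* Bytes a NUL-terminated copy of a name of this length writes past one slot. */
static size_t bytes_past_slot(size_t len) {
    return len + 1 > MAX_FILE_NAME_LENGTH ? len + 1 - MAX_FILE_NAME_LENGTH : 0;
}

/* Hardened store: bounds the index, finds the NUL within the slot size,
 * and copies only when name plus terminator fit. Returns 0 or -1. */
static int store_name(char file_names[][MAX_FILE_NAME_LENGTH], size_t idx,
                      const char *name) {
    if (idx >= MAX_FILES) return -1;
    const char *nul = memchr(name, '\0', MAX_FILE_NAME_LENGTH);
    if (nul == NULL) return -1;               /* 100 or more characters */
    size_t len = (size_t)(nul - name);
    if (!accepts_fixed(len)) return -1;
    memcpy(file_names[idx], name, len + 1);
    return 0;
}

/* Builds a constructed name of `len` 'a' characters and tries to store it. */
static int demo_store(size_t len) {
    char file_names[MAX_FILES][MAX_FILE_NAME_LENGTH];
    char name[2 * MAX_FILE_NAME_LENGTH];
    if (len >= sizeof name) return -1;
    memset(name, 'a', len);
    name[len] = '\0';
    return store_name(file_names, 0, name);
}

int main(void) {
    for (size_t len = 99; len <= 101; len++)
        printf("len=%zu off_by_one=%d fixed=%d overflow=%zu store=%d\n", len,
               accepts_off_by_one(len), accepts_fixed(len),
               bytes_past_slot(len), demo_store(len));
    return 0;
}
```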

Analysis (AI)

A stack-based buffer overflow in the EVerest EV charging software stack enables local code execution when a certificate filename of exactly 100 characters is processed, due to an off-by-one boundary-check error in the IsoMux component. EVerest-core versions prior to 2026.02.0 are affected (CPE cpe:2.3:a:everest:everest-core). …

Attack Chain (AI, derived)

Hypothetical attack flow derived from CVE metadata

  • Access: Place crafted certificate file with 100-char filename
  • Delivery: Trigger off-by-one check in IsoMux parser
  • Exploit: Overflow file_names array on stack
  • Execution: Corrupt stack canary and return pointer
  • Impact: Execute arbitrary code in EVerest process

Vulnerability Assessment (AI)

Exploitation: A local attacker must place a crafted certificate file with a filename of exactly 100 characters in EVerest's certificate directory on affected systems running versions prior to 2026.02.0. …
Risk Assessment: The CVSS base score of 8.4 reflects high severity, with the vector CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H indicating local attack vector, low complexity, no privileges required, and high impact across confidentiality, integrity, and availability. …
Exploit Scenario: An attacker with local filesystem access to the EV charging system places a specially crafted certificate file with a filename of exactly 100 characters in the certificate directory monitored by the IsoMux component. When EVerest processes this certificate during initialization or certificate refresh operations, the off-by-one check fails to reject the oversized filename, triggering a stack buffer overflow that overwrites return addresses or function pointers with attacker-controlled data, enabling arbitrary code execution with the privileges of the EVerest process. …
Remediation: Upgrade EVerest everest-core to version 2026.02.0 or later, which contains a patch addressing the off-by-one boundary check error (vendor-released patch: version 2026.02.0). …

Recommended Action (AI)

Within 24 hours: Identify all EV charging systems running EVerest-core versions prior to 2026.02.0 using vulnerability scanning or asset inventory review. …

CVE-2026-22790 HIGH
8.8 Mar 26

Remote code execution vulnerability in EVerest electric vehicle charging software stack allows adjacent network attacker

CVE-2026-23995 HIGH
8.4 Mar 26

Stack-based buffer overflow in EVerest EV charging software allows unauthenticated local attackers to execute arbitrary

CVE-2026-33009 HIGH
8.2 Mar 26

Concurrent access to shared memory in EVerest EV charging software (versions prior to 2026.02.0) enables remote attacker

CVE-2026-26008 HIGH
7.5 Mar 26

Out-of-bounds vector access in EVerest EV charging software (everest-core versions before 2026.02.0) enables remote unau

CVE-2026-26074 HIGH
7.0 Mar 26

Concurrent access to an internal event queue in EVerest-core (EV charging software stack) enables remote attackers to co

CVE-2026-26073 MEDIUM
5.9 Mar 26

EVerest charging software stack versions prior to 2026.02.0 suffer from a data race condition in queue/deque handling tr

CVE-2026-27828 MEDIUM
5.5 Mar 26

EVerest charging software stack versions prior to 2026.02.0 contain a use-after-free vulnerability in the ISO15118_charg

CVE-2026-27816 MEDIUM
5.5 Mar 26

EVerest-Core prior to version 2026.02.0 contains an out-of-bounds write vulnerability in the ISO15118_chargerImpl::handl

CVE-2026-27815 MEDIUM
5.5 Mar 26

Out-of-bounds memory writes in EVerest charging software stack versions prior to 2026.02.0 allow local attackers to corr

CVE-2026-27813 MEDIUM
5.3 Mar 26

EVerest charging software stack versions prior to 2026.02.0 contain a data race condition leading to use-after-free memo

CVE-2026-33015 MEDIUM
5.2 Mar 26

EVerest charging software stack versions prior to 2026.02.0 allow EV operators to bypass remote stop commands issued by

CVE-2026-33014 MEDIUM
5.2 Mar 26

EVerest-core prior to version 2026.02.0 fails to properly terminate EV charging transactions during remote stop operatio
