EUVD-2026-16173
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Tags
Description
EVerest is an EV charging software stack. Prior to version 2026.02.0, an off-by-one check in IsoMux certificate filename handling causes a stack-based buffer overflow when a filename length equals `MAX_FILE_NAME_LENGTH` (100). A crafted filename in the certificate directory can overflow `file_names[idx]`, corrupting stack state and enabling potential code execution. Version 2026.02.0 contains a patch.
Analysis
Stack-based buffer overflow in EVerest EV charging software stack enables local code execution when processing certificate filenames of exactly 100 characters due to off-by-one boundary check error in IsoMux component. EVerest-core versions prior to 2026.02.0 are affected (CPE cpe:2.3:a:everest:everest-core). …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all EVerest-core deployments and confirm installed versions against the affected baseline (< 2026.02.0); document network isolation status of charging infrastructure. Within 7 days: Implement network segmentation to restrict local access to charging management interfaces and monitor file system access patterns for suspicious certificate handling. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today