Skip to main content

Everest Core EUVDEUVD-2026-16197

| CVE-2026-22790 HIGH
Stack-based Buffer Overflow (CWE-121)
2026-03-26 GitHub_M
8.8
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
8.8 HIGH
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Analysis Updated
Apr 16, 2026 - 06:13 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
2026.02.0
EUVD ID Assigned
Mar 26, 2026 - 15:00 euvd
EUVD-2026-16197
Analysis Generated
Mar 26, 2026 - 15:00 vuln.today
CVE Published
Mar 26, 2026 - 14:31 nvd
HIGH 8.8

DescriptionGitHub Advisory

EVerest is an EV charging software stack. Prior to version 2026.02.0, HomeplugMessage::setup_payload trusts len after an assert; in release builds the check is removed, so oversized SLAC payloads are memcpy'd into a ~1497-byte stack buffer, corrupting the stack and enabling remote code execution from network-provided frames. Version 2026.02.0 contains a patch.

AnalysisAI

Remote code execution vulnerability in EVerest electric vehicle charging software stack allows adjacent network attackers to execute arbitrary code by sending malformed SLAC protocol frames. EVerest-core versions prior to 2026.02.0 are affected due to a stack buffer overflow in HomeplugMessage::setup_payload that trusts an attacker-controlled length parameter in release builds. SSVC analysis indicates proof-of-concept exploit code exists, though the vulnerability is not automatable and requires adjacent network access (CVSS 8.8, AV:A).

Technical ContextAI

The vulnerability affects everest-core (CPE: cpe:2.3:a:everest:everest-core), an open-source electric vehicle charging station software stack. The root cause is CWE-121 (Stack-based Buffer Overflow) in the HomeplugMessage::setup_payload function that handles SLAC (Signal Level Attenuation Characterization) protocol messages used in ISO 15118 EV charging communications. The code uses an assert statement to validate the length parameter, but assert checks are compiled out in release builds, allowing oversized SLAC payloads to overflow a fixed ~1497-byte stack buffer via memcpy. This enables stack corruption and control flow hijacking when processing network frames containing Homeplug Green PHY messages, which are used for powerline communication establishment between electric vehicles and charging stations.

RemediationAI

Upgrade EVerest everest-core to version 2026.02.0 or later, which contains a vendor-released patch addressing the stack buffer overflow (see https://github.com/EVerest/EVerest/security/advisories/GHSA-wh8w-7cfc-gq7m). Until patching is completed, implement network segmentation to isolate charging station management networks from untrusted adjacent networks, deploy network intrusion detection systems to monitor for malformed SLAC protocol frames, and restrict physical and network access to charging infrastructure to trusted personnel only. For critical deployments, consider temporarily disabling SLAC/ISO 15118 functionality if alternative charging protocols are available, though this may impact Plug&Charge and other advanced features.

CVE-2026-23995 HIGH
8.4 Mar 26

Stack-based buffer overflow in EVerest EV charging software allows unauthenticated local attackers to execute arbitrary

CVE-2026-22593 HIGH
8.4 Mar 26

Stack-based buffer overflow in EVerest EV charging software stack enables local code execution when processing certifica

CVE-2026-33009 HIGH
8.2 Mar 26

Concurrent access to shared memory in EVerest EV charging software (versions prior to 2026.02.0) enables remote attacker

CVE-2026-26008 HIGH
7.5 Mar 26

Out-of-bounds vector access in EVerest EV charging software (everest-core versions before 2026.02.0) enables remote unau

CVE-2026-26074 HIGH
7.0 Mar 26

Concurrent access to an internal event queue in EVerest-core (EV charging software stack) enables remote attackers to co

CVE-2026-26073 MEDIUM
5.9 Mar 26

EVerest charging software stack versions prior to 2026.02.0 suffer from a data race condition in queue/deque handling tr

CVE-2026-27828 MEDIUM
5.5 Mar 26

EVerest charging software stack versions prior to 2026.02.0 contain a use-after-free vulnerability in the ISO15118_charg

CVE-2026-27816 MEDIUM
5.5 Mar 26

EVerest-Core prior to version 2026.02.0 contains an out-of-bounds write vulnerability in the ISO15118_chargerImpl::handl

CVE-2026-27815 MEDIUM
5.5 Mar 26

Out-of-bounds memory writes in EVerest charging software stack versions prior to 2026.02.0 allow local attackers to corr

CVE-2026-27813 MEDIUM
5.3 Mar 26

EVerest charging software stack versions prior to 2026.02.0 contain a data race condition leading to use-after-free memo

CVE-2026-33015 MEDIUM
5.2 Mar 26

EVerest charging software stack versions prior to 2026.02.0 allow EV operators to bypass remote stop commands issued by

CVE-2026-33014 MEDIUM
5.2 Mar 26

EVerest-core prior to version 2026.02.0 fails to properly terminate EV charging transactions during remote stop operatio

Share

EUVD-2026-16197 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy