EUVD-2026-16199
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Description
EVerest is an EV charging software stack. Prior to version 2026.02.0, stack-based buffer overflow in CAN interface initialization: passing an interface name longer than IFNAMSIZ (16) to CAN open routines overflows `ifreq.ifr_name`, corrupting adjacent stack data and enabling potential code execution. A malicious or misconfigured interface name can trigger this before any privilege checks. Version 2026.02.0 contains a patch.
Analysis
Stack-based buffer overflow in EVerest EV charging software allows unauthenticated local attackers to execute arbitrary code via overly long CAN interface names during initialization. The vulnerability (CWE-121) affects everest-core versions prior to 2026.02.0 with CVSS 8.4 (High severity). …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all EVerest deployments and document current versions; restrict local access to systems running affected versions (pre-2026.02.0) to trusted personnel only. Within 7 days: Evaluate upgrade feasibility to everest-core 2026.02.0 or later and test in non-production environment; engage EVerest vendor support for patching timeline confirmation. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today