What is the CVSS score of EUVD-2026-16216?

EUVD-2026-16216 has a CVSS 3.1 base score of 5.9 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of EVerest are affected by EUVD-2026-16216?

Organizations using EVerest should be aware of moderate risk from CVE-2026-26073, a heap-based buffer overflow vulnerability rated CVSS 5.9.. A patch is available.

EVerest EUVD-2026-16216

| CVE-2026-26073 MEDIUM

Heap-based Buffer Overflow (CWE-122)

2026-03-26 GitHub_M

Buffer Overflow Heap Overflow

5.9

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Patch available

Apr 16, 2026 - 05:29 EUVD

2026.02.0

EUVD ID Assigned

Mar 26, 2026 - 16:45 euvd

EUVD-2026-16216

Analysis Generated

Mar 26, 2026 - 16:45 vuln.today

CVE Published

Mar 26, 2026 - 16:15 nvd

MEDIUM 5.9

DescriptionNVD

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible std::queue/std::deque corruption. The trigger is powermeter public key update and EV session/error events (while OCPP not started). This results in a TSAN data race report and an ASAN/UBSAN misaligned address runtime error being observed. Version 2026.02.0 contains a patch.

AnalysisAI

EVerest charging software stack versions prior to 2026.02.0 suffer from a data race condition in queue/deque handling triggered by concurrent powermeter public key updates and EV session/error events, resulting in heap corruption and potential denial of service. Unauthenticated remote attackers can exploit this via specially timed network events to crash the charging infrastructure, though successful exploitation requires precise timing due to high attack complexity. …

RemediationAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-16216 vulnerability details – vuln.today

Back

EVerest EUVD-2026-16216

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code