Impact
EVerest is a software stack for electric vehicle charging. An off‑by‑one logic error in the IsoMux certificate filename parser allows a stack‑based buffer overflow when a certificate file name reaches the maximum allowed length of 100 characters. The overflow corrupts a stack variable named file_names[idx] and can overwrite nearby control flow data, giving an attacker the potential to execute arbitrary code on the affected device.
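The boundary condition described above, shown as an added illustration that is not EVerest's code. It assumes each file_names slot is a 100-byte buffer, so a 100-character name leaves no room for the terminating NUL; `store_name`, `make_name`, `MAX_FILES` and both predicates are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

#define MAX_NAME_LEN 100 /* limit from the advisory; assumed to be the slot size */
#define MAX_FILES 4      /* hypothetical slot count for this example */

/* Off-by-one pattern: accepts len == MAX_NAME_LEN, leaving no room for the
 * terminating NUL in a char[MAX_NAME_LEN] slot. Predicate only, never used to copy. */
static int flawed_bound_accepts(size_t len) { return len <= MAX_NAME_LEN; }

/* Correct bound: the name plus its NUL must fit in the slot. */
static int safe_bound_accepts(size_t len) { return len < MAX_NAME_LEN; }

/* Copy name into slots[idx]; return 0 on success, -1 if rejected. */
static int store_name(char slots[][MAX_NAME_LEN], size_t nslots, size_t idx,
                      const char *name)
{
    if (name == NULL || idx >= nslots)
        return -1;
    /* Bounded length: never scans more than MAX_NAME_LEN bytes. */
    const char *nul = memchr(name, '\0', MAX_NAME_LEN);
    size_t len = nul ? (size_t)(nul - name) : MAX_NAME_LEN;
    if (!safe_bound_accepts(len))
        return -1;
    memcpy(slots[idx], name, len);
    slots[idx][len] = '\0';
    return 0;
}

/* Build a constructed test name of exactly n characters. */
static void make_name(char *buf, size_t n)
{
    memset(buf, 'a', n);
    buf[n] = '\0';
}

int main(void)
{
    char slots[MAX_FILES][MAX_NAME_LEN];
    char name[MAX_NAME_LEN + 2];
    for (size_t n = MAX_NAME_LEN - 1; n <= MAX_NAME_LEN + 1; n++) {
        make_name(name, n);
        printf("len=%zu flawed=%d safe=%d stored=%s\n", n,
               flawed_bound_accepts(n), safe_bound_accepts(n),
               store_name(slots, MAX_FILES, 0, name) == 0 ? "yes" : "no");
    }
    return 0;
}
```

The two predicates disagree only at a length of exactly 100, which is the case the advisory describes.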
Affected Systems
The vulnerability affects the EVerest everest-core component in any release prior to 2026.02.0. Devices running this software on Linux, such as EV charging stations that use the everest-core stack, are susceptible because the flaw is present in the default certificate directory handling.
Risk and Exploitability
The CVSS score of 8.4 indicates high severity, while the EPSS score of less than 1% shows a low current exploitation probability. The issue is not listed in CISA’s KEV catalog. The likely exploitation path involves an attacker placing a specially crafted certificate file whose name is exactly 100 characters long in the certificate directory. This requires file system access—usually local—but could be achieved remotely if the device allows writing files to that directory. Once the file is in place, launching the EVerest stack can trigger the overflow, leading to code execution. Because the flaw is not yet widely exploited, current risk is moderate to high, but the impact of successful exploitation would be total compromise of the charging station.