Description
EVerest is an EV charging software stack. Prior to version 2026.02.0, `HomeplugMessage::setup_payload` trusts `len` after an `assert`; in release builds the check is removed, so oversized SLAC payloads are `memcpy`'d into a ~1497-byte stack buffer, corrupting the stack and enabling remote code execution from network-provided frames. Version 2026.02.0 contains a patch.
Published: 2026-03-26
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability arises from an unchecked length check for SLAC payloads in the HomeplugMessage::setup_payload function within the EVerest EV charging software stack. Because the length assertion is removed in release builds, large payloads are copied into a 1497‑byte stack buffer, causing a stack overflow that can be exploited via a crafted network frame to achieve remote code execution on the host system.

Affected Systems

The affected component is EVerest’s everest‑core module, specifically any deployment using a version older than 2026.02.0. Systems running these versions are vulnerable regardless of other configuration settings.

Risk and Exploitability

The CVSS score of 8.8 indicates high severity, while the EPSS score below 1% suggests a low current probability of exploitation. The vulnerability is not listed in CISA’s KEV catalog. Attacks would require sending a specially crafted network frame containing an oversized SLAC payload, a scenario plausible in uncontrolled network environments.

Generated by OpenCVE AI on March 31, 2026 at 15:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to version 2026.02.0 or newer
  • If upgrading is not immediately possible, block or filter network traffic with oversized SLAC frames to prevent exploitation

Generated by OpenCVE AI on March 31, 2026 at 15:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 31 Mar 2026 14:00:00 +0000

Type Values Removed Values Added
First Time appeared Linuxfoundation
Linuxfoundation everest
CPEs cpe:2.3:o:linuxfoundation:everest:*:*:*:*:*:*:*:*
Vendors & Products Linuxfoundation
Linuxfoundation everest

Fri, 27 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Everest
Everest everest-core
Vendors & Products Everest
Everest everest-core

Thu, 26 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 26 Mar 2026 15:00:00 +0000

Type Values Removed Values Added
Description EVerest is an EV charging software stack. Prior to version 2026.02.0, `HomeplugMessage::setup_payload` trusts `len` after an `assert`; in release builds the check is removed, so oversized SLAC payloads are `memcpy`'d into a ~1497-byte stack buffer, corrupting the stack and enabling remote code execution from network-provided frames. Version 2026.02.0 contains a patch.
Title EVerest's unchecked SLAC payload length causes stack overflow in HomeplugMessage::setup_payload
Weaknesses CWE-121
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Everest Everest-core
Linuxfoundation Everest
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-26T15:19:36.246Z

Reserved: 2026-01-09T18:27:19.388Z

Link: CVE-2026-22790

cve-icon Vulnrichment

Updated: 2026-03-26T15:19:28.267Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-26T15:16:31.970

Modified: 2026-03-31T13:50:31.947

Link: CVE-2026-22790

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-31T20:09:02Z

Weaknesses