Description
EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118_chargerImpl::handle_session_setup copies a variable-length payment_options list into a fixed-size array of length 2 without bounds checking. With schema validation disabled by default, oversized MQTT Cmd payloads can trigger out-of-bounds writes and corrupt adjacent EVSE state or crash the process. Version 2026.02.0 contains a patch.
Published: 2026-03-26
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Integrity Corruption
Action: Apply Patch
AI Analysis

Impact

EVerest is an electric‑vehicle charging software stack which, before version 2026.02.0, copies the variable‑length payment_options list from the ISO15118 session_setup message into a fixed‑size array of two elements without performing bounds checking. An attacker that can send a crafted MQTT command can lead the copy routine to write past the array boundary, overwriting adjacent memory. The overwrite can corrupt the EVSE state or cause the process to crash. This issue is a classic out‑of‑bounds write (CWE‑787).

Affected Systems

The vulnerability affects all EVerest everest‑core installations with a version older than 2026.02.0. No specific hardware or operating‑system constraints are mentioned; the software stack runs on Linux‑based platforms as indicated by the corresponding CPE.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, but the EPSS score is below 1% and the vulnerability is not listed in the CISA KEV catalog, implying a low likelihood of widespread exploitation. The attack vector is inferred to be remote, as the overflow is triggered by oversized MQTT command payloads that an attacker can inject into the communication channel between the electric‑vehicle and the charging station. Successful exploitation would lead to integrity and availability problems for the charging infrastructure but does not provide remote code execution or privilege escalation.

Generated by OpenCVE AI on March 31, 2026 at 16:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the EVerest everest-core stack to version 2026.02.0 or later to apply the vendor patch.
  • If upgrading is not immediately possible, restrict or validate MQTT command payload sizes and enable schema validation to prevent oversized messages from being processed.
  • Implement network controls to limit MQTT traffic to trusted devices and monitor logs for anomalous payloads.

Generated by OpenCVE AI on March 31, 2026 at 16:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 31 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Linuxfoundation
Linuxfoundation everest
CPEs cpe:2.3:o:linuxfoundation:everest:*:*:*:*:*:*:*:*
Vendors & Products Linuxfoundation
Linuxfoundation everest
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H'}

Sat, 28 Mar 2026 04:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 27 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Everest
Everest everest-core
Vendors & Products Everest
Everest everest-core

Thu, 26 Mar 2026 16:45:00 +0000

Type Values Removed Values Added
Description EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118_chargerImpl::handle_session_setup copies a variable-length payment_options list into a fixed-size array of length 2 without bounds checking. With schema validation disabled by default, oversized MQTT Cmd payloads can trigger out-of-bounds writes and corrupt adjacent EVSE state or crash the process. Version 2026.02.0 contains a patch.
Title EVerest: ISO15118 session_setup payment options overflow can corrupt EVSE state
Weaknesses CWE-787
References
Metrics cvssV4_0

{'score': 5.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Everest Everest-core
Linuxfoundation Everest
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-28T02:25:02.011Z

Reserved: 2026-02-24T02:31:33.268Z

Link: CVE-2026-27815

cve-icon Vulnrichment

Updated: 2026-03-28T02:24:57.797Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-26T17:16:34.063

Modified: 2026-03-31T15:04:28.107

Link: CVE-2026-27815

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-31T20:08:52Z

Weaknesses