Description
EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118_chargerImpl::handle_session_setup copies a variable-length payment_options list into a fixed-size array of length 2 without bounds checking. With schema validation disabled by default, oversized MQTT Cmd payloads can trigger out-of-bounds writes and corrupt adjacent EVSE state or crash the process. Version 2026.02.0 contains a patch.
Published: 2026-03-26
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: EVSE state corruption or crash
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is an out‑of‑bounds write in the ISO 15118 session_setup handling code. An oversized MQTT command payload is copied into a fixed size array of two elements without bounds checking. The overflow can corrupt nearby memory, potentially causing the EVSE to behave incorrectly or crash. The weakness is classified as an uncontrolled buffer overrun (CWE‑787).

Affected Systems

This flaw affects the EVerest core EV charging stack before the release dated 2026.02.0. Systems running any EVerest:everest-core version older than 2026.02.0 are vulnerable, regardless of deployment edition.

Risk and Exploitability

The CVSS score is 5.5, indicating a moderate impact on confidentiality, integrity, and availability. Exploitation requires the ability to send a specially crafted MQTT payload to the charging station; the attack vector is therefore remote and Internet‑accessible, as the flaw is triggered by externally received data. The EPSS score is not available and the issue has not been listed in CISA’s KEV catalog, so it is not known to have active exploits in the wild.

Generated by OpenCVE AI on March 26, 2026 at 17:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to EVerest 2026.02.0 or later.
  • If an upgrade is not possible, enable schema validation for MQTT command processing to mitigate overflow risk.
  • Ensure all incoming MQTT messages are validated against the ISO 15118 schema before handling.

Generated by OpenCVE AI on March 26, 2026 at 17:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 28 Mar 2026 04:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 27 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Everest
Everest everest-core
Vendors & Products Everest
Everest everest-core

Thu, 26 Mar 2026 16:45:00 +0000

Type Values Removed Values Added
Description EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118_chargerImpl::handle_session_setup copies a variable-length payment_options list into a fixed-size array of length 2 without bounds checking. With schema validation disabled by default, oversized MQTT Cmd payloads can trigger out-of-bounds writes and corrupt adjacent EVSE state or crash the process. Version 2026.02.0 contains a patch.
Title EVerest: ISO15118 session_setup payment options overflow can corrupt EVSE state
Weaknesses CWE-787
References
Metrics cvssV4_0

{'score': 5.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Everest Everest-core
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-28T02:25:02.011Z

Reserved: 2026-02-24T02:31:33.268Z

Link: CVE-2026-27815

cve-icon Vulnrichment

Updated: 2026-03-28T02:24:57.797Z

cve-icon NVD

Status : Received

Published: 2026-03-26T17:16:34.063

Modified: 2026-03-26T17:16:34.063

Link: CVE-2026-27815

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T09:26:17Z

Weaknesses