Description
EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118_chargerImpl::handle_update_energy_transfer_modes copies a variable-length list into a fixed-size array of length 6 without bounds checking. With schema validation disabled by default, oversized MQTT Cmd payloads can trigger out-of-bounds writes and corrupt adjacent EVSE state or crash the process. Version 2026.02.0 contains a patch.
Published: 2026-03-26
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Out‑of‑bounds write causing EVSE state corruption or crash
Action: Patch Now
AI Analysis

Impact

ISO15118_chargerImpl::handle_update_energy_transfer_modes in EVerest copies the list of energy transfer modes carried in an incoming MQTT Cmd payload into a fixed-size array of six elements without comparing the list length against the array size. Because schema validation is disabled by default, nothing rejects an oversized list before the copy, so an attacker who can publish to the MQTT broker can push the write past the end of the array (CWE‑787, out-of-bounds write). The overflow overwrites whatever EVSE state sits next to the array or crashes the process, which may lead to service disruption or unpredictable charging behaviour.
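The copy-without-bounds-check pattern the description names, as an added example in C++ (illustrative code, not everest-core's own): the six-entry mode table and the field directly behind it are modelled as one array so the seventh write stays observable inside the demo object instead of being undefined behaviour, and the hardened variant rejects the command before touching any state. All type and function names are assumptions for the demo.

```cpp
#include <array>
#include <cstddef>
#include <cstdio>
#include <vector>

// Layout model of the affected state: a fixed table of six energy transfer
// modes with one more field immediately behind it. Both live in a single
// array so that index 6 is still inside the model object; in the real code
// the same write lands past the end of the table.
constexpr std::size_t kMaxEnergyTransferModes = 6;  // length 6 from the advisory

struct EvseStateModel {                              // hypothetical name
    std::array<int, kMaxEnergyTransferModes + 1> storage{};
    std::size_t mode_count = 0;
    int& adjacent_state() { return storage[kMaxEnergyTransferModes]; }
};

// Vulnerable pattern: copies every element of a caller-controlled list and
// never compares its length with the table size.
void update_modes_unchecked(EvseStateModel& state, const std::vector<int>& modes) {
    for (std::size_t i = 0; i < modes.size(); ++i) {
        state.storage[i] = modes[i];  // i == 6 overwrites the adjacent field
    }
    state.mode_count = modes.size();
}

// Hardened variant: reject the whole command when the list exceeds the table,
// before any state is modified, and report the rejection to the caller.
bool update_modes_checked(EvseStateModel& state, const std::vector<int>& modes) {
    if (modes.size() > kMaxEnergyTransferModes) {
        return false;  // oversized payload: state left untouched
    }
    for (std::size_t i = 0; i < modes.size(); ++i) {
        state.storage[i] = modes[i];
    }
    state.mode_count = modes.size();
    return true;
}

// Constructed payload: seven modes where only six fit.
static const std::vector<int> kOversizedPayload = {1, 2, 3, 4, 5, 6, 7};
constexpr int kSentinel = 0x5A5A;  // marker placed in the adjacent field

// Returns the adjacent field after the unchecked copy; the sentinel is gone
// if the copy overran (the last payload element lands there).
int adjacent_after_unchecked_overflow() {
    EvseStateModel state;
    state.adjacent_state() = kSentinel;
    update_modes_unchecked(state, kOversizedPayload);
    return state.adjacent_state();
}

// Returns the adjacent field after the checked copy, or -1 if the oversized
// payload was wrongly accepted.
int adjacent_after_checked_reject() {
    EvseStateModel state;
    state.adjacent_state() = kSentinel;
    bool accepted = update_modes_checked(state, kOversizedPayload);
    return accepted ? -1 : state.adjacent_state();
}

// A list that exactly fills the table must still be accepted.
bool checked_accepts_exactly_six() {
    EvseStateModel state;
    return update_modes_checked(state, {1, 2, 3, 4, 5, 6}) && state.mode_count == 6;
}

int main() {
    std::printf("unchecked: adjacent field = 0x%X\n", adjacent_after_unchecked_overflow());
    std::printf("checked:   adjacent field = 0x%X\n", adjacent_after_checked_reject());
    std::printf("checked accepts six: %s\n", checked_accepts_exactly_six() ? "yes" : "no");
    return 0;
}
```

The check sits before the loop rather than inside it on purpose: truncating the copy at six entries would leave mode_count inconsistent with what the peer actually sent, so the command is refused as a unit and the caller can log and drop it.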

Affected Systems

The vulnerability affects the everest‑core component of the EVerest open‑source charging software stack in every version before 2026.02.0. Installations running EVerest 2026.02.0 or later contain the fix and are not affected.

Risk and Exploitability

The two scores on record disagree on reachability. The CNA's CVSS 4.0 vector (score 5.5, Medium) rates the attack vector as Local with High availability impact and no confidentiality or integrity impact, while the CVSS 3.1 vector recorded in the history on 31 March 2026 scores it 9.1 with a Network attack vector and High integrity and availability impact. The difference comes down to whether the MQTT broker carrying EVerest's Cmd messages is reachable only from the host or from the network; a broker exposed beyond localhost should be treated at the higher rating. Neither vector requires privileges or user interaction (PR:N, UI:N): an attacker only needs the ability to publish a crafted Cmd payload with more than six entries. The EPSS score below 1% and the SSVC assessment (Exploitation: none, Automatable: no) indicate no known exploitation, and the issue is not listed in the CISA KEV catalog. Successful exploitation causes denial of service or corruption of EVSE state, which in a charging controller can translate into unsafe charging behaviour.

Generated by OpenCVE AI on March 31, 2026 at 16:26 UTC.

Remediation

Fixed in everest‑core 2026.02.0. No vendor‑documented workaround is listed. The description attributes the bug's reachability to schema validation being disabled by default, so enabling it should reject oversized payloads at the message boundary, but that is hardening, not a substitute for the patch.

OpenCVE Recommended Actions

  • Upgrade EVerest everest‑core to 2026.02.0 or later, which adds the missing bounds check.
  • Until the upgrade is deployed, restrict publish access to the MQTT broker EVerest uses to trusted local modules and keep the broker off network‑facing interfaces, since exploitation requires the ability to publish Cmd payloads to it.


Tracking


Advisories

No advisories yet.

History

Tue, 31 Mar 2026 15:00:00 +0000

Type                  Values Removed   Values Added
First Time appeared                    Linuxfoundation
                                       Linuxfoundation everest
CPEs                                   cpe:2.3:o:linuxfoundation:everest:*:*:*:*:*:*:*:*
Vendors & Products                     Linuxfoundation
                                       Linuxfoundation everest
Metrics                                cvssV3_1 {'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H'}


Fri, 27 Mar 2026 08:45:00 +0000

Type                  Values Removed   Values Added
First Time appeared                    Everest
                                       Everest everest-core
Vendors & Products                     Everest
                                       Everest everest-core

Thu, 26 Mar 2026 19:15:00 +0000

Type                  Values Removed   Values Added
Metrics                                ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 26 Mar 2026 16:45:00 +0000

Type                  Values Removed   Values Added
Description                            EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118_chargerImpl::handle_update_energy_transfer_modes copies a variable-length list into a fixed-size array of length 6 without bounds checking. With schema validation disabled by default, oversized MQTT Cmd payloads can trigger out-of-bounds writes and corrupt adjacent EVSE state or crash the process. Version 2026.02.0 contains a patch.
Title                                  EVerest's ISO15118 update_energy_transfer_modes overflow can corrupt EVSE state
Weaknesses                             CWE-787
References
Metrics                                cvssV4_0 {'score': 5.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-26T18:24:18.212Z

Reserved: 2026-02-24T02:32:39.798Z

Link: CVE-2026-27816

Vulnrichment

Updated: 2026-03-26T17:48:34.319Z

NVD

Status : Analyzed

Published: 2026-03-26T17:16:34.210

Modified: 2026-03-31T14:46:38.387

Link: CVE-2026-27816

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-31T20:08:51Z

Weaknesses