Description
EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118_chargerImpl::handle_session_setup uses v2g_ctx after it has been freed when ISO15118 initialization fails (e.g., no IPv6 link-local address). The EVSE process can be crashed remotely by an attacker with MQTT access who issues a session_setup command while v2g_ctx has been released. Version 2026.02.0 contains a patch.
Published: 2026-03-26
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service (Crash)
Action: Immediate Patch
AI Analysis

Impact

A use‑after‑free condition occurs in EVerest’s ISO15118_chargerImpl during session_setup handling when the v2g_ctx context is freed following a failed ISO15118 initialization, such as missing an IPv6 link‑local address. The freed pointer is later accessed, leading to an application crash. The vulnerability is categorized as CWE‑416 and allows an attacker to disrupt service by forcing the EVSE process to terminate.

Affected Systems

The flaw affects the EVerest everest-core component of the EV charging software stack. All releases prior to version 2026.02.0 are vulnerable, regardless of the host operating system on which the stack is deployed, typically Linux environments.

Risk and Exploitability

The CVSS base score of 5.5 indicates medium severity, and the EPSS score below 1% suggests a low probability of exploitation. However, the attack vector is inferred to be remote over MQTT, meaning an adversary with MQTT access can issue a malicious session_setup command to trigger the crash. The vulnerability is not listed in CISA’s KEV catalog, but the combination of remote reachability and a crash outcome represents a significant availability risk for impacted charging stations.

Generated by OpenCVE AI on March 31, 2026 at 16:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade EVerest to version 2026.02.0 or later to eliminate the use‑after‑free bug.
  • Restrict or secure MQTT broker access so that only trusted clients can issue session_setup commands.
  • Monitor MQTT traffic for unusual session_setup activity and enforce stricter authentication if possible.

Generated by OpenCVE AI on March 31, 2026 at 16:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 31 Mar 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Linuxfoundation
Linuxfoundation everest
CPEs cpe:2.3:o:linuxfoundation:everest:*:*:*:*:*:*:*:*
Vendors & Products Linuxfoundation
Linuxfoundation everest
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Fri, 27 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 27 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Everest
Everest everest-core
Vendors & Products Everest
Everest everest-core

Thu, 26 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Description EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118_chargerImpl::handle_session_setup uses v2g_ctx after it has been freed when ISO15118 initialization fails (e.g., no IPv6 link-local address). The EVSE process can be crashed remotely by an attacker with MQTT access who issues a session_setup command while v2g_ctx has been released. Version 2026.02.0 contains a patch. EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118_chargerImpl::handle_session_setup uses v2g_ctx after it has been freed when ISO15118 initialization fails (e.g., no IPv6 link-local address). The EVSE process can be crashed remotely by an attacker with MQTT access who issues a session_setup command while v2g_ctx has been released. Version 2026.02.0 contains a patch.

Thu, 26 Mar 2026 16:45:00 +0000

Type Values Removed Values Added
Description EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118_chargerImpl::handle_session_setup uses v2g_ctx after it has been freed when ISO15118 initialization fails (e.g., no IPv6 link-local address). The EVSE process can be crashed remotely by an attacker with MQTT access who issues a session_setup command while v2g_ctx has been released. Version 2026.02.0 contains a patch.
Title EVerest: ISO15118 session_setup use-after-free can crash EVSE process
Weaknesses CWE-416
References
Metrics cvssV4_0

{'score': 5.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Everest Everest-core
Linuxfoundation Everest
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-27T14:43:59.252Z

Reserved: 2026-02-24T02:32:39.800Z

Link: CVE-2026-27828

cve-icon Vulnrichment

Updated: 2026-03-27T14:43:36.074Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-26T17:16:34.357

Modified: 2026-03-31T14:47:13.280

Link: CVE-2026-27828

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-31T20:08:50Z

Weaknesses