Impact
The flaw exists in the EV charging software stack EVerest. A RemoteStop operation issued by a CSMS should permanently terminate a charging session. However, before version 2026.02.0, an EVSE can trigger a BCB toggle immediately after the stop, causing the session state machine to transition back to PrepareCharging. This forcibly restarts the session, bypassing the intended security, billing, and safety controls. The outcome is that a charging session can be resumed even after a remote stop, undermining transaction integrity.
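To make the failure mode concrete, the following is an added toy model of a session state machine; it is not EVerest code, and the state names, event names and transition rules are assumptions chosen to illustrate the class of flaw described above. It shows the pre-fix behaviour (a BCB toggle from the stopped state re-enters PrepareCharging) beside a hardened rule set in which a remotely stopped session can only end with an unplug, plus a small check that flags a resume-after-RemoteStop in the recorded transitions.

```python
"""Toy charging-session state machine (constructed for illustration, not EVerest code).
States, events and rules are assumptions; they model the class of flaw where a
BCB toggle after a CSMS RemoteStop moves the session back to PrepareCharging."""
from dataclasses import dataclass, field
from enum import Enum, auto


class State(Enum):
    IDLE = auto()
    PREPARE_CHARGING = auto()
    CHARGING = auto()
    FINISHED = auto()


class Event(Enum):
    PLUG_IN = auto()
    EV_REQUEST = auto()   # EV requests energy (assumed event name)
    REMOTE_STOP = auto()  # RemoteStop from the CSMS
    BCB_TOGGLE = auto()   # control-pilot B -> C -> B toggle
    UNPLUG = auto()


@dataclass
class Session:
    state: State = State.IDLE
    remote_stopped: bool = False
    history: list = field(default_factory=list)  # (from_state, to_state) pairs

    def _go(self, new: State) -> None:
        self.history.append((self.state, new))
        self.state = new


def step_vulnerable(s: Session, ev: Event) -> State:
    """Pre-fix rules: a BCB toggle in FINISHED is treated like any resume request."""
    if ev is Event.PLUG_IN and s.state is State.IDLE:
        s._go(State.PREPARE_CHARGING)
    elif ev is Event.EV_REQUEST and s.state is State.PREPARE_CHARGING:
        s._go(State.CHARGING)
    elif ev is Event.REMOTE_STOP and s.state is State.CHARGING:
        s.remote_stopped = True
        s._go(State.FINISHED)
    elif ev is Event.BCB_TOGGLE and s.state in (State.FINISHED, State.PREPARE_CHARGING):
        s._go(State.PREPARE_CHARGING)  # the flaw: a stopped session is revived
    elif ev is Event.UNPLUG:
        s.remote_stopped = False
        s._go(State.IDLE)
    return s.state


def step_hardened(s: Session, ev: Event) -> State:
    """Same rules, except that after a RemoteStop the only exit from FINISHED
    is UNPLUG, which starts a fresh session; BCB toggles are ignored."""
    if s.remote_stopped and ev is not Event.UNPLUG:
        return s.state
    return step_vulnerable(s, ev)


def run(step, events) -> Session:
    s = Session()
    for ev in events:
        step(s, ev)
    return s


def resumed_after_remote_stop(s: Session) -> bool:
    """Detection check over the transition log: did a stopped session come back?"""
    return (State.FINISHED, State.PREPARE_CHARGING) in s.history


# Constructed scenario: normal start, CSMS RemoteStop, then a BCB toggle and a new energy request.
SCENARIO = [Event.PLUG_IN, Event.EV_REQUEST, Event.REMOTE_STOP,
            Event.BCB_TOGGLE, Event.EV_REQUEST]

if __name__ == "__main__":
    v = run(step_vulnerable, SCENARIO)
    h = run(step_hardened, SCENARIO)
    print("vulnerable:", v.state.name, "resumed:", resumed_after_remote_stop(v))
    print("hardened:  ", h.state.name, "resumed:", resumed_after_remote_stop(h))
```

The essential design point is that RemoteStop must set a per-session flag that outlives the FINISHED state until the physical session ends; any resume path (BCB toggle or otherwise) consults that flag rather than only the current state. The `resumed_after_remote_stop` check is the kind of assertion a charge-point operator can run over session transition logs to spot the symptom on unpatched units.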
Affected Systems
This problem affects the EVerest core software stack, used in electric vehicle charging stations. The issue is present in releases older than version 2026.02.0; any deployment of the 2026.01.x or earlier series is vulnerable. The software is distributed by the Linux Foundation under the EVerest project.
Risk and Exploitability
The vulnerability carries a CVSS score of 5.2, indicating a moderate risk level. With an EPSS score under 1 %, exploitation is unlikely to be widespread at present, and it is not known to be featured in the CISA KEV catalog. Exploitation requires the ability to toggle the BCB on the EVSE immediately after a RemoteStop has been issued; this is inferred to be a local or device-side action rather than a remote network exploit. Because the toggle forces the session back into the charging state, a user or attacker who can control the EVSE could resume billing. Yet, to trigger the flaw an attacker must already have physical or local access to the charging equipment, a condition that limits the overall attack reach. The severity remains moderate, but any deployment operating with earlier releases should be patched to eliminate the ability to restart a terminated session.
OpenCVE Enrichment