CVE-2026-27814

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race C++ UB triggered by an A 1-phase ↔ 3-phase switch request acswitchthreephaseswhilecharging during charging/waiting executes concurrently with the state machine loop. Version 2026.02.0 contains a patch...

CVE-2026-26070 EVerest: OCPP 2.0.1 EV SoC Update Race Causes Charge Point Crash

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to std::map concurrent access container/optional corruption possible. The trigger is an EV SoC update with powermeter periodic update and unplugging/SessionFinished state. Version 2026.2.0 contains a...

CVE-2025-68139 In EVerest, by default, the EV is responsible for closing the connection if the module encounters an error during request processing

EVerest is an EV charging software stack. In all versions up to and including 2025.12.1, the default value for terminateconnectiononfailedresponse is False, which leaves the responsibility for session and connection termination to the EV. In this configuration, any errors encountered by the modul...

CVE-2025-68133

EVerest is an EV charging software stack. In versions 2025.9.0 and below, an attacker can exhaust the operating system's memory and cause the module to terminate by initiating an unlimited number of TCP connections that never proceed to ISO 15118-2 communication. This is possible because a new...

PT-2026-3852

EVerest is an EV charging software stack. In all versions up to and including 2025.12.1, the default value for terminate connection on failed response is False, which leaves the responsibility for session and connection termination to the EV. In this configuration, any errors encountered by the...