CVE-2026-27813 EVerest has use-after-free in auth timeout timer via race condition

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to use-after-free. This is triggered by EV plug-in/unplug and RFID/RemoteStart/OCPP authorization events or delayed authorization response. Version 2026.2.0 contains a patch...

EUVD-2026-16203

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to std::map concurrent access container/optional corruption possible. The trigger is an EV SoC update with powermeter periodic update and unplugging/SessionFinished state. Version 2026.2.0 contains a...

CVE-2025-68137 EVerest's Integer Overflow and Signed to Unsigned conversion lead to either stack buffer overflow or infinite loop

EVerest is an EV charging software stack. Prior to version 2025.10.0, an integer overflow occurring in SdpPacket::parseheader allows the current buffer length to be set to 7 after a complete header of size 8 has been read. The remaining length to read is computed using the current length subtract...

CVE-2025-68133 EVerest's unlimited connections can lead to DoS through operating system resource exhaustion

EVerest is an EV charging software stack. In versions 2025.9.0 and below, an attacker can exhaust the operating system's memory and cause the module to terminate by initiating an unlimited number of TCP connections that never proceed to ISO 15118-2 communication. This is possible because a new...