Lucene search
K
LinuxfoundationEverest

29 matches found

CVE
CVE
added 2026/01/26 10:12 p.m.27 views

CVE-2026-24003

CVE-2026-24003 (EvseV2G) affects the EV charging software stack EVerest up to version 2025.12.1 . The issue is a bypass of the sequence/state verification, including authentication, allowing requests to transition to forbidden states and update the current context with illegitimate data. The inte...

5.3CVSS5.8AI score0.00254EPSS
CVE
CVE
added 2026/01/21 7:54 p.m.19 views

CVE-2025-68140

Summary: CVE-2025-68140 affects EVerest EV charging software stack prior to 2025.9.0, where an unregistered session can be assumed as 0, allowing unauthorized and anonymous indirect emission of MQTT messages and communication with V2G message handlers, potentially updating a session context. Tech...

4.3CVSS5.4AI score0.00136EPSS
CVE
CVE
added 2026/03/26 2:45 p.m.19 views

CVE-2026-26070

Summary: CVE-2026-26070 affects EVerest, the EV charging software stack. Versions prior to 2026.02.0 contain a data race that enables concurrent access to std::mapstd::optional , potentially causing container/optional corruption. The race is triggered during an EV SoC update with a periodic power...

4.6CVSS5.9AI score0.00105EPSS
CVE
CVE
added 2026/03/26 4:30 p.m.18 views

CVE-2026-27815

CVE-2026-27815 affects EVerest EV charging stack. Prior to 2026.02.0, the function ISO15118_chargerImpl::handle_session_setup copies a variable-length payment_options list into a fixed-size array of length 2 without bounds checking. With default schema validation disabled, oversized MQTT Cmd payl...

9.1CVSS5.8AI score0.00272EPSS
CVE
CVE
added 2026/03/26 4:34 p.m.18 views

CVE-2026-27828

CVE-2026-27828 — EVerest : In EVerest prior to 2026.02.0, ISO15118_chargerImpl::handle_session_setup accesses the freed v2g_ctx after ISO15118 initialization fails (e.g., no IPv6 link-local address). An attacker with MQTT access can remotely crash the EVSE process by issuing a session_setup comma...

7.5CVSS5.8AI score0.00286EPSS
CVE
CVE
added 2026/01/21 2:25 a.m.15 views

CVE-2025-68133

CVE-2025-68133 affects the EVerest EV charging software stack. In versions 2025.9.0 and below, an attacker can exhaust the OS memory and terminate the module by opening an unlimited number of TCP connections that do not proceed to ISO 15118-2 communication. This occurs because a new thread is sta...

7.4CVSS5.6AI score0.00351EPSS
CVE
CVE
added 2026/01/21 7:36 p.m.14 views

CVE-2025-68139

CVE-2025-68139 affects EVerest EV charging software stack. All versions up to and including 2025.12.1 default terminate_connection_on_failed_response to false, meaning the EV is responsible for closing sessions/connections after module errors; errors are logged but no automatic countermeasures (e...

4.3CVSS5.2AI score0.00145EPSS
CVE
CVE
added 2026/01/21 7:25 p.m.14 views

CVE-2026-23955

CVE-2026-23955 affects the EVerest EV charging software stack prior to version 2025.9.0. In several places, integers are concatenated to literal strings when throwing errors, causing pointer arithmetic instead of printing the integer value. This can allow a malicious operator to read unintended m...

4.2CVSS5.5AI score0.00164EPSS
CVE
CVE
added 2026/03/26 2:36 p.m.14 views

CVE-2026-23995

EVerest has a stack-based buffer overflow in the CAN interface initialization. If a CAN interface name exceeds IFNAMSIZ (16), touching CAN open routines overflows the stack via ifreq.ifr_name, potentially leading to code execution. This affects versions prior to 2026.02.0; the patch is included i...

8.4CVSS6.3AI score0.00211EPSS
CVE
CVE
added 2026/03/26 2:50 p.m.14 views

CVE-2026-26072

EVerest EV charging software stack is affected. Versions prior to 2026.02.0 have a data race on concurrent access to std::mapstd::optional , potentially causing container/optional corruption during EV SoC updates with powermeter periodic updates and unplugging/SessionFinished status. The issue is...

4.2CVSS5.8AI score0.00137EPSS
CVE
CVE
added 2026/03/26 4:19 p.m.14 views

CVE-2026-26074

EVerest EV charging software stack has a data race in versions prior to 2026.02.0, causing possible corruption of map data structures (event_queue). The race is triggered over the network CSMS GetLog/UpdateFirmware request when an EVSE fault event is present, leading to concurrent access detected...

7CVSS5.8AI score0.0014EPSS
CVE
CVE
added 2026/01/21 6:28 p.m.13 views

CVE-2025-68132

CVE-2025-68132 affects EVerest EV charging software stack. The issue lies in the DZG_GSH01 powermeter SLIP parser, where is_message_crc_correct reads vec[vec.size()-1] and vec[vec.size()-2] without verifying that at least two bytes exist. Malformed SLIP frames on the serial link can reach this fu...

4.6CVSS5.6AI score0.00243EPSS
CVE
CVE
added 2026/01/21 6:32 p.m.13 views

CVE-2025-68134

Summary: CVE-2025-68134 affects EVerest before version 2025.10.0, where repeated use of the assert function to handle errors can cause a crash of the module. The manager behavior (shutting down other modules and exiting on a crash) can lead to a denial of service in setups with multiple EVSE. Imp...

7.4CVSS5.5AI score0.00156EPSS
CVE
CVE
added 2026/01/21 7:18 p.m.13 views

CVE-2025-68136

CVE-2025-68136 (EVerest) affects the EV charging software stack prior to version 2025.10.0. On SDP requests, the module creates a new set of objects (Session, IConnection) and opens a new TCP socket for ISO15118-20 communications, registering callbacks for the new file descriptor without closing/...

7.4CVSS5.5AI score0.00266EPSS
CVE
CVE
added 2026/01/21 7:56 p.m.13 views

CVE-2025-68141

CVE-2025-68141 affects the EVerest EV charging software stack. Before version 2025.10.0, deserializing a DC_ChargeLoopRes message that includes Receipt and TaxCosts can access the vector tax_costs in Receipt out of bounds, in the function template void convert(const struct iso20_dc_DetailedTaxTy...

7.4CVSS5.6AI score0.00248EPSS
CVE
CVE
added 2026/03/26 2:31 p.m.13 views

CVE-2026-22790

EV charging stack EVerest is vulnerable before 2026.02.0: HomeplugMessage::setup_payload trusts len after an assert; in release builds the check is removed, enabling oversized SLAC payloads to be memcpy’d into a ~1497-byte stack buffer, corrupting the stack and allowing remote code execution from...

8.8CVSS6.5AI score0.00526EPSS
CVE
CVE
added 2026/03/26 4:40 p.m.13 views

CVE-2026-33014

The CVE-2026-33014 entry describes a vulnerability in the EVerest EV charging software stack where, before version 2026.02.0, a delayed authorization response during RemoteStop processing resets the authorized flag to true, bypassing the stop_transaction() condition on PowerOff events. This allow...

5.2CVSS5.9AI score0.00208EPSS
CVE
CVE
added 2026/01/21 6:56 p.m.12 views

CVE-2025-68135

EVerest (EV charging software stack) prior to version 2025.10.0 has a vulnerability in the TbdController loop where C++ exceptions are not properly handled, causing the loop and its caller to terminate silently and leading to a denial of service affecting SDP and ISO15118-20 servers. The issue is...

6.5CVSS5.4AI score0.0029EPSS
CVE
CVE
added 2026/01/21 7:20 p.m.12 views

CVE-2025-68137

EVerest before version 2025.10.0 is affected by an integer overflow in SdpPacket::parse_header(). After reading an 8-byte header, the remaining length can be set to 7, and the calculation of the remaining length yields a negative value that is interpreted as SIZE_MAX. This can cause an infinite l...

8.3CVSS5.9AI score0.00251EPSS
CVE
CVE
added 2026/03/26 2:43 p.m.12 views

CVE-2026-26008

The CVE concerns EVerest EV charging software stack. Versions before 2026.02.0 expose an out-of-bounds access in a std::vector triggered by UpdateAllowedEnergyTransferModes over the network via CSMS, enabling possible remote crash or memory corruption. The issue affects the affected releases prio...

7.5CVSS5.8AI score0.00367EPSS
CVE
CVE
added 2026/03/26 4:15 p.m.12 views

CVE-2026-26073

Affected software. EVerest EV charging software stack (prior to 2026.02.0). Vulnerability and root cause. A data race can occur in the internal event handling (powermeter public key update and EV session/error events when OCPP is not started), which may corrupt std::queue/std::deque and trigger r...

5.9CVSS5.8AI score0.00304EPSS
CVE
CVE
added 2026/03/26 4:32 p.m.12 views

CVE-2026-27816

EVerest prior to version 2026.02.0 has a buffer overflow in ISO15118_chargerImpl::handle_update_energy_transfer_modes where a variable-length list is copied into a fixed-size 6-element array without bounds checks. With default schema validation disabled, oversized MQTT Cmd payloads can cause out-...

9.1CVSS5.8AI score0.00197EPSS
CVE
CVE
added 2026/03/26 4:23 p.m.11 views

CVE-2026-27813

CVE-2026-27813 affects the EVerest EV charging software stack. Versions prior to 2026.02.0 contain a data race that can lead to a use-after-free condition. The issue is triggered by EV plug-in/unplug events and RFID/RemoteStart/OCPP authorization events (or delayed authorization responses). A pat...

5.3CVSS5.8AI score0.00126EPSS
CVE
CVE
added 2026/03/26 1:49 p.m.10 views

CVE-2026-22593

The CVE-2026-22593 affects the EVerest EV charging software stack. Before version 2026.02.0, an off-by-one check in IsoMux certificate filename handling can overflow a stack when a filename length equals MAX_FILE_NAME_LENGTH (100), potentially corrupting stack state and enabling code execution. A...

8.4CVSS6.3AI score0.00138EPSS
CVE
CVE
added 2026/03/26 4:39 p.m.10 views

CVE-2026-33009

CVE-2026-33009 affects EVerest EV charging software. Pre-2026.02.0 versions have a data race causing possible C++ undefined behavior/memory corruption when processing an MQTT topic everest_external/nodered/{connector}/cmd/switch_three_phases_while_charging, leading to concurrent access of Charger...

8.2CVSS5.8AI score0.00248EPSS
Web
CVE
CVE
added 2026/03/26 4:27 p.m.9 views

CVE-2026-27814

EVerest EV charging software stack is affected: a data race (C++ undefined behavior) in ac_switch_three_phases_while_charging triggers when a 1-phase ↔ 3-phase switch request runs concurrently with the state machine loop. Affected versions are prior to 2026.02.0; version 2026.02.0 contains the pa...

4.2CVSS5.8AI score0.00134EPSS
CVE
CVE
added 2026/03/26 2:48 p.m.8 views

CVE-2026-26071

CVE-2026-26071 – EVerest : The affected product is the EVerest EV charging software stack. Versions prior to 2026.02.0 suffer a data race that allows concurrent access to a std::string, with a possible heap-use-after-free. The issue is triggered by EVCCID updates (EV/ISO15118) and OCPP session/au...

4.2CVSS5.8AI score0.00134EPSS
CVE
CVE
added 2026/03/26 4:37 p.m.8 views

CVE-2026-29044

EVerest EV charging software stack vulnerability CVE-2026-29044: before version 2026.02.0, processing WithdrawAuthorization prior to TransactionStarted can leave transaction_active=false and trigger deauthorize without performing StopTransaction in the Charging state, enabling authorization withd...

6.5CVSS5.8AI score0.00288EPSS
CVE
CVE
added 2026/03/26 4:42 p.m.8 views

CVE-2026-33015

Summary of CVE-2026-33015 (EVerest) : EVerest EV charging software stack is affected prior to version 2026.02.0. The vulnerability allows a session to restart after a RemoteStop (StopTransaction) via the EV’s BCB toggle, enabling the EVSE to return to PrepareCharging. This undermines the intended...

5.2CVSS5.9AI score0.00214EPSS