Back to search
CVE-2026-27815
Published: Mar 26, 2026
Modified: Mar 28, 2026
PUBLISHED
Description
EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118_chargerImpl::handle_session_setup copies a variable-length payment_options list into a fixed-size array of length 2 without bounds checking. With schema validation disabled by default, oversized MQTT Cmd payloads can trigger out-of-bounds writes and corrupt adjacent EVSE state or crash the process. Version 2026.02.0 contains a patch.
| Vendor | Product | Versions |
|---|---|---|
EVerest | everest-core | affected < 2026.02.0 |
Weaknesses (CWE)
References
https://github.com/EVerest/EVerest/security/advisories/GHSA-7wmg-crc8-6xxf
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now