CVE-2026-27828
Published: Mar 26, 2026
Modified: Mar 27, 2026
PUBLISHED
Description
EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118_chargerImpl::handle_session_setup uses v2g_ctx after it has been freed when ISO15118 initialization fails (e.g., no IPv6 link-local address). The EVSE process can be crashed remotely by an attacker with MQTT access who issues a session_setup command while v2g_ctx has been released. Version 2026.02.0 contains a patch.
| Vendor | Product | Versions |
|---|---|---|
| EVerest | everest-core | affected < 2026.02.0 |
Weaknesses (CWE)
References
https://github.com/EVerest/EVerest/security/advisories/GHSA-5g3v-qc79-qqwr
x_refsource_CONFIRM