anonhaven
Ad

CVE-2026-26071

MEDIUM CVSS 3.1: 4.2 EPSS 0.02%
Updated Mar 31, 2026
Everest
Parameter Value
CVSS 4.2 (MEDIUM)
Affected Versions before 2026.02.0
Fixed In 2026.02.0
Type CWE-362 (Race Condition), CWE-416 (Use After Free)
Vendor Everest
Public PoC No

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to `std::string` concurrent access. with heap-use-after-free possible. This is triggered by EVCCID update (EV/ISO15118) and OCPP session/authorization events.

Version 2026.02.0 contains a patch.

Attack Parameters

Attack Vector
Physical
Requires physical access
Attack Complexity
High
Difficult to exploit
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
None
No data leak
Integrity
None
No data modification
Availability
High
Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-362 Race Condition
CWE-416 Use After Free

Vulnerable Products 1

Configuration From (including) Up to (excluding)
Linuxfoundation Everest
cpe:2.3:o:linuxfoundation:everest:*:*:*:*:*:*:*:*
 2026.02.0

References 1

https://github.com/EVerest/EVerest/security/advisories/GHSA-xww8-4hfx-9fjw
security-advisories@github.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-33015

Everest

5.2

CVE-2026-33014

Everest

5.2

CVE-2026-33009

Everest

6.5

CVE-2026-29044

Everest

6.5

CVE-2026-27828

Everest

5.5