High severity7.5NVD Advisory· Published Mar 26, 2026· Updated Mar 31, 2026

CVE-2026-27828

Description

EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118_chargerImpl::handle_session_setup uses v2g_ctx after it has been freed when ISO15118 initialization fails (e.g., no IPv6 link-local address). The EVSE process can be crashed remotely by an attacker with MQTT access who issues a session_setup command while v2g_ctx has been released. Version 2026.02.0 contains a patch.

Affected products

Linux Foundation/Everest
cpe:2.3:o:linuxfoundation:everest:*:*:*:*:*:*:*:*
Range: <2026.02.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/EVerest/EVerest/security/advisories/GHSA-5g3v-qc79-qqwrnvdMitigationVendor Advisory

News mentions

The State of Ransomware – Q1 2026
Check Point Research · May 11, 2026
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 20, 2026 to April 26, 2026)
Wordfence Blog · Apr 30, 2026
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 6, 2026 to April 12, 2026)
Wordfence Blog · Apr 16, 2026
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 30, 2026 to April 5, 2026)
Wordfence Blog · Apr 9, 2026

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000