VYPR

EVerest

by Linux Foundation

CVEs (5)

  • CVE-2026-27816 | Critical | Mar 26, 2026
    risk 0.52 | cvss 9.1 | epss 0.00

    EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118_chargerImpl::handle_update_energy_transfer_modes copies a variable-length list into a fixed-size array of length 6 without bounds checking. With schema validation disabled by default, oversized…

  • CVE-2026-27815 | Critical | Mar 26, 2026
    risk 0.52 | cvss 9.1 | epss 0.00

    EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118_chargerImpl::handle_session_setup copies a variable-length payment_options list into a fixed-size array of length 2 without bounds checking. With schema validation disabled by default, oversized…

  • CVE-2026-27828 | High | Mar 26, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118_chargerImpl::handle_session_setup uses v2g_ctx after it has been freed when ISO15118 initialization fails (e.g., no IPv6 link-local address). The EVSE process can be crashed remotely by an attacker…

  • CVE-2026-29044 | Medium | Mar 26, 2026
    risk 0.26 | cvss 5.0 | epss 0.00

    EVerest is an EV charging software stack. Prior to version 2026.02.0, when WithdrawAuthorization is processed before the TransactionStarted event, AuthHandler determines `transaction_active=false` and only calls `withdraw_authorization_callback`. This path ultimately calls…

  • CVE-2026-27814 | Medium | Mar 26, 2026
    risk 0.20 | cvss 4.2 | epss 0.00

    EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race (C++ UB) triggered when a 1-phase ↔ 3-phase switch request (`ac_switch_three_phases_while_charging`) during charging/waiting executes concurrently with the state machine loop. Version…