PT-2026-28359 · Everest · Everest

Finder16

·

Publicado

2026-03-26

·

Atualizado

2026-03-27

·

CVE-2026-27814

CVSS v3.1

4.2

Média

VetorAV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
Name of the Vulnerable Software and Affected Versions EVerest versions prior to 2026.02.0
Description EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race (C++ undefined behavior) triggered by a 1-phase ↔ 3-phase switch request (ac switch three phases while charging) during charging or waiting, which executes concurrently with the state machine loop.
Recommendations Update to version 2026.02.0 or later.

Exploit

Correção

Race Condition

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-362

Identificadores relacionados

CVE-2026-27814
GHSA-5528-WC53-V557

Produtos afetados

Everest