PT-2026-28362 · Everest · Everest

Secmate · Published 2026-03-26 · Updated 2026-03-27 · CVE-2026-27828

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

EVerest versions prior to 2026.02.0

Description

EVerest is an EV charging software stack. When ISO15118 initialization fails, for example because there is no IPv6 link-local address, the function ISO15118_chargerImpl::handle_session_setup uses the v2g_ctx variable after it has been freed. An attacker with MQTT access can remotely crash the EVSE process by issuing a session setup command while v2g_ctx has been released. The vulnerable function is handle_session_setup, and the MQTT protocol is used for communication.

Recommendations

Update to version 2026.02.0 or later.
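
The lifetime pattern behind this class of bug, as an added C++ illustration that is not EVerest code and not the project's actual fix: a context released on a failed initialization path, and a bus-reachable handler that checks it before use. All type and member names here (V2gContext, ChargerModel, SetupResult) are hypothetical, and the mutex assumes handlers may run on a different thread than initialization.

```cpp
#include <memory>
#include <mutex>
#include <string>

// Hypothetical stand-in for the ISO 15118 context; not the EVerest struct.
struct V2gContext {
    std::string evse_id;
};

enum class SetupResult { Applied, RejectedNotInitialized };

class ChargerModel {
public:
    // Initialization fails when no IPv6 link-local address is available.
    // The advisory describes the context being freed on this path while a
    // later handler still uses it; owning it through unique_ptr means the
    // release also clears the pointer, so nothing dangles.
    bool init(bool has_ipv6_link_local) {
        std::lock_guard<std::mutex> lock(mtx_);
        ctx_ = std::make_unique<V2gContext>();
        if (!has_ipv6_link_local) {
            ctx_.reset();  // free and null in one step
            return false;
        }
        return true;
    }

    // Command handler reachable from the message bus at any time, including
    // after a failed init. It validates the context before touching it.
    SetupResult handle_session_setup(const std::string& evse_id) {
        std::lock_guard<std::mutex> lock(mtx_);
        if (!ctx_) {
            return SetupResult::RejectedNotInitialized;  // refuse, do not crash
        }
        ctx_->evse_id = evse_id;
        return SetupResult::Applied;
    }

    bool initialized() const {
        std::lock_guard<std::mutex> lock(mtx_);
        return static_cast<bool>(ctx_);
    }

private:
    mutable std::mutex mtx_;  // assumption: handlers may run on another thread
    std::unique_ptr<V2gContext> ctx_;
};
```
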

Exploit

Fix

Use After Free

Weakness Enumeration

Related identifiers

CVE-2026-27828
GHSA-5G3V-QC79-QQWR

Affected products

Everest