CVE-2026-33015

Name of the Vulnerable Software and Affected Versions EVerest versions prior to 2026.02.0

Description EVerest is an EV charging software stack. Before version 2026.02.0, even after a RemoteStop (StopTransaction) is performed by the CSMS, the EVSE can return to PrepareCharging through the EV’s BCB toggle, allowing session restart. This breaks the irreversibility of the remote stop and can bypass operational, billing, and safety controls. The RemoteStop function is performed by the CSMS. The EVSE returns to the PrepareCharging state via the EV’s BCB toggle.

Recommendations Update to version 2026.02.0 or later.