PT-2026-28323 · Everest · Everest
Finder16
·
Published
2026-03-26
·
Updated
2026-03-29
·
CVE-2026-22593
CVSS v3.1
8.4
High
| Vector | AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
EVerest versions prior to 2026.02.0
Description
EVerest is an EV charging software stack. A flaw exists in IsoMux certificate filename handling due to an off-by-one check. This can lead to a stack-based buffer overflow when a filename length equals
MAX FILE NAME LENGTH (100). A crafted filename within the certificate directory can overflow file names[idx], potentially corrupting stack state and enabling code execution.Recommendations
Versions prior to 2026.02.0 should be updated to version 2026.02.0 or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Everest