PT-2026-28335 · Everest · Everest

Finder16 · Published 2026-03-26 · Updated 2026-03-29 · CVE-2026-23995

CVSS v3.1: 8.4 (High)

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

EVerest versions prior to 2026.02.0

Description

EVerest is an EV charging software stack. A stack-based buffer overflow exists in the CAN interface initialization process. This occurs when an interface name exceeding IFNAMSIZ (16 characters) is passed to CAN open routines, overflowing the ifreq.ifr_name buffer and potentially corrupting adjacent stack data, which could lead to code execution. A malicious or misconfigured interface name can trigger this issue before any privilege checks are performed.

Recommendations

Versions prior to 2026.02.0 should be updated to version 2026.02.0 or later.
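
The class of defect described above is avoided by checking the name length before it reaches ifreq.ifr_name. The following is an added example, not EVerest's code or its actual fix; the helper name set_ifreq_name and the sample interface names are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* expose struct ifreq and IFNAMSIZ in <net/if.h> */
#endif
#include <errno.h>
#include <net/if.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper: validate a configured interface name and copy it
 * into ifr->ifr_name. Returns 0 on success, -1 with errno set on failure.
 * ifr_name is char[IFNAMSIZ], so the name plus its terminating NUL must
 * fit in IFNAMSIZ bytes. An unbounded strcpy() into ifr_name is the
 * pattern that overflows when the name is longer than that.
 */
int set_ifreq_name(struct ifreq *ifr, const char *name)
{
    if (ifr == NULL || name == NULL || name[0] == '\0') {
        errno = EINVAL;
        return -1;
    }
    /* Search for the terminator within the first IFNAMSIZ bytes only. */
    if (memchr(name, '\0', IFNAMSIZ) == NULL) {
        errno = ENAMETOOLONG;
        return -1;
    }
    memset(ifr, 0, sizeof(*ifr));
    memcpy(ifr->ifr_name, name, strlen(name) + 1);
    return 0;
}

int main(void)
{
    /* Constructed sample names: typical, longest that fits, one byte too long. */
    const char *names[] = { "can0", "vcan0123456789a", "vcan0123456789ab" };
    struct ifreq ifr;

    for (size_t i = 0; i < sizeof(names) / sizeof(names[0]); i++) {
        if (set_ifreq_name(&ifr, names[i]) == 0)
            printf("accepted: %s\n", ifr.ifr_name);
        else
            printf("rejected: %s (%s)\n", names[i], strerror(errno));
    }
    return 0;
}
```

Rejecting the over-long name instead of truncating it keeps a misconfigured entry from silently binding to a different interface.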

Exploit

Fix

Stack Overflow

Weakness Enumeration

Related Identifiers

CVE-2026-23995
GHSA-P47C-2JPR-MPWX

Affected Products

Everest