PT-2026-28352 · Everest · Everest
Finder16
·
Published
2026-03-26
·
Updated
2026-03-26
·
CVE-2026-26074
CVSS v3.1
7.0
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H |
Name of the Vulnerable Software and Affected Versions
EVerest versions prior to 2026.02.0
Description
EVerest is an EV charging software stack susceptible to a data race that could lead to corruption of
std::map<std::queue>. The issue is triggered by a CSMS GetLog/UpdateFirmware request (network) coinciding with an EVSE fault event (physical). This results in concurrent access (data race) to the event queue, as reported by TSAN.Recommendations
Update to version 2026.02.0 or later.
Exploit
Fix
Race Condition
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Everest