PT-2026-28362 · Everest · Everest

Secmate · Published 2026-03-26 · Updated 2026-03-27 · CVE-2026-27828

CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions
EVerest versions prior to 2026.02.0

Description
EVerest is an EV charging software stack. The ISO15118_chargerImpl::handle_session_setup function uses the v2g_ctx variable after it has been freed when ISO15118 initialization fails, such as when there is no IPv6 link-local address. An attacker with MQTT access can remotely crash the EVSE process by issuing a session setup command while v2g_ctx has been released. The vulnerable function is handle_session_setup. The MQTT protocol is used for communication.

Recommendations
Update to version 2026.02.0 or later.
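
The lifecycle flaw in the description, modelled in a hardened form as an added example: this is not EVerest code and not the project's actual fix. The types V2gContext, Charger and SetupResult, the init() parameter and the handler's argument are hypothetical stand-ins chosen for illustration.

```cpp
// Added illustration. All names are hypothetical, not EVerest's own types.
#include <memory>
#include <string>

struct V2gContext {                 // stand-in for the ISO 15118 session context
    std::string evse_id;
};

enum class SetupResult { Applied, RejectedNotInitialized };

class Charger {
public:
    // Models module initialization. On failure (for example, no IPv6
    // link-local address) the context is released and the owning pointer
    // becomes null in the same step, so no dangling pointer is left behind.
    // The flawed pattern frees the object but keeps the old raw pointer.
    bool init(bool has_ipv6_link_local) {
        ctx_ = std::make_unique<V2gContext>();
        if (!has_ipv6_link_local) {
            ctx_.reset();
            return false;
        }
        return true;
    }

    // Models a command handler reachable from the message bus. It can be
    // invoked at any time, including after a failed init, so it checks the
    // context before touching it and rejects the command otherwise.
    SetupResult handle_session_setup(const std::string& evse_id) {
        if (!ctx_) {
            return SetupResult::RejectedNotInitialized;
        }
        ctx_->evse_id = evse_id;
        return SetupResult::Applied;
    }

    bool initialized() const { return ctx_ != nullptr; }
    std::string evse_id() const { return ctx_ ? ctx_->evse_id : std::string(); }

private:
    std::unique_ptr<V2gContext> ctx_;   // single owner; null means "released"
};
```

Building the real stack's test suite with AddressSanitizer and exercising handlers after a forced initialization failure is one way to confirm that no command path still reaches a released context.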

Exploit

Fix

Use After Free

Weakness Enumeration

Related Identifiers

CVE-2026-27828
GHSA-5G3V-QC79-QQWR

Affected Products

Everest