PT-2026-28464 · Everest · Everest

Finder16 · Published 2026-03-26 · Updated 2026-03-27 · CVE-2026-33014

CVSS v3.1: 5.2 (Medium)

Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

Name of the Vulnerable Software and Affected Versions

EVerest versions prior to 2026.02.0

Description

EVerest is an EV charging software stack. Before version 2026.02.0, during the processing of RemoteStop, a delayed authorization response resets the authorized variable to true. This bypasses the condition for calling the stop_transaction() function during PowerOff events, potentially leaving the transaction open even after a remote stop. The authorized variable is central to this issue.

Recommendations

Versions prior to 2026.02.0 should be updated to version 2026.02.0 or later.
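
A simplified C++ model of the event sequence in the Description, added here as an example; it is not EVerest code and not the project's fix. The Session type, its members, the stale-response guard and the `!authorized` PowerOff condition are assumptions made for illustration.

```cpp
// Simplified model of the race described above. NOT EVerest code: the type,
// member and function names are hypothetical, and the PowerOff condition
// (!authorized) is an assumption drawn from the advisory text.
#include <iostream>

struct Session {
    bool guard_stale_auth;        // false = behaviour described in the advisory
    bool authorized = false;
    bool stop_requested = false;
    bool transaction_open = false;

    explicit Session(bool guard) : guard_stale_auth(guard) {}

    void start_transaction() { authorized = true; transaction_open = true; }
    void stop_transaction() { transaction_open = false; }

    // RemoteStop revokes authorization; the transaction closes at PowerOff.
    void on_remote_stop() { authorized = false; stop_requested = true; }

    // An authorization response that may arrive after RemoteStop.
    void on_authorization_response(bool accepted) {
        if (guard_stale_auth && stop_requested) return; // drop the stale reply
        authorized = accepted;
    }

    void on_power_off() {
        if (!authorized) stop_transaction(); // skipped if the flag was restored
    }
};

// Replays: start, RemoteStop, (optionally) delayed auth response, PowerOff.
// Returns true if the transaction is still open afterwards.
bool open_after_remote_stop(bool guard, bool delayed_response) {
    Session s(guard);
    s.start_transaction();
    s.on_remote_stop();
    if (delayed_response) s.on_authorization_response(true);
    s.on_power_off();
    return s.transaction_open;
}

int main() {
    std::cout << std::boolalpha
              << "unguarded, delayed response: " << open_after_remote_stop(false, true) << "\n"
              << "guarded, delayed response:   " << open_after_remote_stop(true, true) << "\n";
}
```

In the unguarded run the late response restores the flag and the transaction stays open after PowerOff; with the guard, the stale response is ignored and the transaction closes.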

Weakness Enumeration

Incorrect Authorization

Related Identifiers

CVE-2026-33014
GHSA-43XM-5M3V-52HM

Affected Products

Everest