PT-2026-28465 · Everest · Everest
Finder16
·
Published
2026-03-26
·
Updated
2026-03-27
·
CVE-2026-33015
CVSS v3.1
5.2
Medium
| Vector | AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L |
Name of the Vulnerable Software and Affected Versions
EVerest versions prior to 2026.02.0
Description
EVerest is an EV charging software stack. Before version 2026.02.0, even after a
RemoteStop (StopTransaction) is performed by the CSMS, the EVSE can return to PrepareCharging through the EV’s BCB toggle, allowing session restart. This breaks the irreversibility of the remote stop and can bypass operational, billing, and safety controls. The RemoteStop function is performed by the CSMS. The EVSE returns to the PrepareCharging state via the EV’s BCB toggle.Recommendations
Update to version 2026.02.0 or later.
Exploit
Fix
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Everest