EVerest EV Charging Stack Remote Code Execution via Stack Buffer Overflow (CVE-2026-22790)
EVerest versions before 2026.02.0 are vulnerable to a stack-based buffer overflow (CVE-2026-22790) in the `HomeplugMessage::setup_payload` function, enabling remote code execution via network frames with oversized SLAC payloads.
EVerest is an open-source software stack designed for managing EV charging infrastructure. Prior to version 2026.02.0, a critical vulnerability exists within the HomeplugMessage::setup_payload function. Specifically, the code trusts the len parameter after an assert statement during the processing of SLAC (Signal Level Attenuation Characterization) payloads. In release builds, the assert check is removed, which allows an attacker to send network frames with oversized SLAC payloads. This…
Detection coverage 2
Detect Large SLAC Payloads to EVerest
mediumDetects network connections with unusually large payloads potentially targeting the EVerest stack buffer overflow.
Detect memcpy near HomeplugMessage::setup_payload (Generic)
lowDetects process execution that contains memcpy near HomeplugMessage::setup_payload. This is a generic detection to assist in further investigation of the memcpy exploitation.
Detection queries are kept inside the platform. Get full rules →
Indicators of compromise
1