{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-22790/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["everest","rce","buffer-overflow","cve-2026-22790"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eEVerest is an open-source software stack designed for managing EV charging infrastructure. Prior to version 2026.02.0, a critical vulnerability exists within the \u003ccode\u003eHomeplugMessage::setup_payload\u003c/code\u003e function. Specifically, the code trusts the \u003ccode\u003elen\u003c/code\u003e parameter after an \u003ccode\u003eassert\u003c/code\u003e statement during the processing of SLAC (Signal Level Attenuation Characterization) payloads. In release builds, the \u003ccode\u003eassert\u003c/code\u003e check is removed, which allows an attacker to send network frames with oversized SLAC payloads. This…\u003c/p\u003e\n","date_modified":"2026-03-26T15:16:31Z","date_published":"2026-03-26T15:16:31Z","id":"/briefs/2026-03-everest-rce/","summary":"EVerest versions before 2026.02.0 are vulnerable to a stack-based buffer overflow (CVE-2026-22790) in the `HomeplugMessage::setup_payload` function, enabling remote code execution via network frames with oversized SLAC payloads.","title":"EVerest EV Charging Stack Remote Code Execution via Stack Buffer Overflow (CVE-2026-22790)","url":"https://feed.craftedsignal.io/briefs/2026-03-everest-rce/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-22790","version":"https://jsonfeed.org/version/1.1"}