Cve-2026-22790 — CraftedSignal Threat Feedhttps://feed.craftedsignal.io/tags/cve-2026-22790/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioThu, 26 Mar 2026 15:16:31 +0000EVerest EV Charging Stack Remote Code Execution via Stack Buffer Overflow (CVE-2026-22790)https://feed.craftedsignal.io/briefs/2026-03-everest-rce/Thu, 26 Mar 2026 15:16:31 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-everest-rce/EVerest versions before 2026.02.0 are vulnerable to a stack-based buffer overflow (CVE-2026-22790) in the `HomeplugMessage::setup_payload` function, enabling remote code execution via network frames with oversized SLAC payloads.EVerest is an open-source software stack designed for managing EV charging infrastructure. Prior to version 2026.02.0, a critical vulnerability exists within the HomeplugMessage::setup_payload function. Specifically, the code trusts the len parameter after an assert statement during the processing of SLAC (Signal Level Attenuation Characterization) payloads. In release builds, the assert check is removed, which allows an attacker to send network frames with oversized SLAC payloads. This…

]]>criticaladvisoryeverestrcebuffer-overflowcve-2026-22790