{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/everest/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["everest","buffer-overflow","cve-2026-23995","ev-charging"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eEVerest is an open-source software stack for electric vehicle (EV) charging infrastructure. A stack-based buffer overflow vulnerability, tracked as CVE-2026-23995, affects versions prior to 2026.02.0. The vulnerability stems from improper handling of CAN (Controller Area Network) interface names during initialization. Specifically, when an interface name exceeding IFNAMSIZ (16 bytes) is supplied to CAN open routines, the \u003ccode\u003eifreq.ifr_name\u003c/code\u003e buffer overflows, potentially corrupting adjacent stack…\u003c/p\u003e\n","date_modified":"2026-03-27T12:00:00Z","date_published":"2026-03-27T12:00:00Z","id":"/briefs/2026-03-everest-can-overflow/","summary":"A stack-based buffer overflow vulnerability exists in EVerest EV charging software stack versions prior to 2026.02.0. Passing an interface name longer than 16 characters to CAN open routines overflows `ifreq.ifr_name`, potentially leading to code execution.","title":"EVerest CAN Interface Stack Buffer Overflow Vulnerability (CVE-2026-23995)","url":"https://feed.craftedsignal.io/briefs/2026-03-everest-can-overflow/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["cve-2026-26074","data-race","ev-charging","everest"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eEVerest, an EV charging software stack, is susceptible to a data race vulnerability identified as CVE-2026-26074. This flaw affects versions prior to 2026.02.0. The vulnerability arises from concurrent access to the \u003ccode\u003eevent_queue\u003c/code\u003e, specifically a \u003ccode\u003estd::map\u0026lt;std::queue\u0026gt;\u003c/code\u003e, when a CSMS (Charging Station Management System) GetLog or UpdateFirmware request (originating from the network) coincides with an EVSE (Electric Vehicle Supply Equipment) fault event (a physical occurrence). This combination of…\u003c/p\u003e\n","date_modified":"2026-03-26T17:16:33Z","date_published":"2026-03-26T17:16:33Z","id":"/briefs/2026-03-everest-data-race/","summary":"EVerest versions prior to 2026.02.0 exhibit a data race vulnerability (CVE-2026-26074) where concurrent network requests and physical events can corrupt the event queue, leading to potential denial of service or other undefined behavior.","title":"EVerest EV Charging Stack Data Race Vulnerability (CVE-2026-26074)","url":"https://feed.craftedsignal.io/briefs/2026-03-everest-data-race/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["everest","rce","buffer-overflow","cve-2026-22790"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eEVerest is an open-source software stack designed for managing EV charging infrastructure. Prior to version 2026.02.0, a critical vulnerability exists within the \u003ccode\u003eHomeplugMessage::setup_payload\u003c/code\u003e function. Specifically, the code trusts the \u003ccode\u003elen\u003c/code\u003e parameter after an \u003ccode\u003eassert\u003c/code\u003e statement during the processing of SLAC (Signal Level Attenuation Characterization) payloads. In release builds, the \u003ccode\u003eassert\u003c/code\u003e check is removed, which allows an attacker to send network frames with oversized SLAC payloads. This…\u003c/p\u003e\n","date_modified":"2026-03-26T15:16:31Z","date_published":"2026-03-26T15:16:31Z","id":"/briefs/2026-03-everest-rce/","summary":"EVerest versions before 2026.02.0 are vulnerable to a stack-based buffer overflow (CVE-2026-22790) in the `HomeplugMessage::setup_payload` function, enabling remote code execution via network frames with oversized SLAC payloads.","title":"EVerest EV Charging Stack Remote Code Execution via Stack Buffer Overflow (CVE-2026-22790)","url":"https://feed.craftedsignal.io/briefs/2026-03-everest-rce/"}],"language":"en","title":"CraftedSignal Threat Feed — Everest","version":"https://jsonfeed.org/version/1.1"}