Linuxfoundation Everest — known CVE vulnerabilities
Every CVE whose affected-product data names Linuxfoundation Everest, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (29)
CVE-2026-27815 — CVSS 9.1 (critical): EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118_chargerImpl::handle_session_setup copies a…
CVE-2026-27816 — CVSS 9.1 (critical): EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118_chargerImpl::handle_update_energy_transfer_modes copies…
CVE-2026-22790 — CVSS 8.8 (high): EVerest is an EV charging software stack. Prior to version 2026.02.0, `HomeplugMessage::setup_payload` trusts `len` after an `assert`; in…
CVE-2026-23995 — CVSS 8.4 (high): EVerest is an EV charging software stack. Prior to version 2026.02.0, stack-based buffer overflow in CAN interface initialization: passing…
CVE-2026-22593 — CVSS 8.4 (high): EVerest is an EV charging software stack. Prior to version 2026.02.0, an off-by-one check in IsoMux certificate filename handling causes a…
CVE-2025-68137 — CVSS 8.3 (high): EVerest is an EV charging software stack. Prior to version 2025.10.0, an integer overflow occurring in `SdpPacket::parse_header()` allows…
CVE-2026-33009 — CVSS 8.2 (high): EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to C++ UB (potential memory corruption)…
CVE-2026-27828 — CVSS 7.5 (high): EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118_chargerImpl::handle_session_setup uses v2g_ctx after it has…
CVE-2026-26008 — CVSS 7.5 (high): EVerest is an EV charging software stack. Versions prior to 2026.02.0 have an out-of-bounds access (std::vector) that leads to possible…
CVE-2025-68136 — CVSS 7.4 (high): EVerest is an EV charging software stack. Prior to version 2025.10.0, once the module receives a SDP request, it creates a whole new set of…
CVE-2025-68141 — CVSS 7.4 (high): EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a `DC_ChargeLoopRes` message that…
CVE-2025-68133 — CVSS 7.4 (high): EVerest is an EV charging software stack. In versions 2025.9.0 and below, an attacker can exhaust the operating system's memory and cause…
CVE-2025-68134 — CVSS 7.4 (high): EVerest is an EV charging software stack. Prior to version 2025.10.0, the use of the `assert` function to handle errors frequently causes…
CVE-2026-26074 — CVSS 7.0 (high): EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible `std::map<std::queue>`…
CVE-2025-68135 — CVSS 6.5 (medium): EVerest is an EV charging software stack. Prior to version 2025.10.0, C++ exceptions are not properly handled for and by the…
CVE-2026-26073 — CVSS 5.9 (medium): EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible `std::queue`/`std::deque`…
CVE-2026-27813 — CVSS 5.3 (medium): EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to use-after-free. This is triggered by EV…
CVE-2026-33015 — CVSS 5.2 (medium): EVerest is an EV charging software stack. Prior to version 2026.02.0, even immediately after CSMS performs a RemoteStop (StopTransaction)…
CVE-2026-33014 — CVSS 5.2 (medium): EVerest is an EV charging software stack. Prior to version 2026.02.0, during RemoteStop processing, a delayed authorization response…
CVE-2026-29044 — CVSS 5.0 (medium): EVerest is an EV charging software stack. Prior to version 2026.02.0, when WithdrawAuthorization is processed before the TransactionStarted…
CVE-2025-68132 — CVSS 4.6 (medium): EVerest is an EV charging software stack. Prior to version 2025.12.0, `is_message_crc_correct` in the DZG_GSH01 powermeter SLIP parser…
CVE-2026-26070 — CVSS 4.6 (medium): EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to `std::map<std::optional>` concurrent…
CVE-2025-68139 — CVSS 4.3 (medium): EVerest is an EV charging software stack. In all versions up to and including 2025.12.1, the default value for `terminate_connection_on_fail…
CVE-2026-24003 — CVSS 4.3 (medium): EVerest is an EV charging software stack. In versions up to and including 2025.12.1, it is possible to bypass the sequence state…
CVE-2025-68140 — CVSS 4.3 (medium): EVerest is an EV charging software stack. Prior to version 2025.9.0, once the validity of the received V2G message has been verified, it is…
CVE-2026-26072 — CVSS 4.2 (medium): EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to `std::map<std::optional>` concurrent…
CVE-2026-27814 — CVSS 4.2 (medium): EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race (C++ UB) triggered by an A 1-phase ↔ 3-phase…
CVE-2026-23955 — CVSS 4.2 (medium): EVerest is an EV charging software stack. Prior to version 2025.9.0, in several places, integer values are concatenated to literal strings…
CVE-2026-26071 — CVSS 4.2 (medium): EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to `std::string` concurrent access. with…