CVE-2026-22790

HIGH

EVerest's unchecked SLAC payload length causes stack overflow in HomeplugMessage::setup_payload

Title source: cna

Description

EVerest is an EV charging software stack. Prior to version 2026.02.0, `HomeplugMessage::setup_payload` trusts `len` after an `assert`; in release builds the check is removed, so oversized SLAC payloads are `memcpy`'d into a ~1497-byte stack buffer, corrupting the stack and enabling remote code execution from network-provided frames. Version 2026.02.0 contains a patch.

References (1)

[X_Refsource_Confirm] https://github.com/EVerest/EVerest/security/advisories/GHSA-wh8w-7cfc-gq7m

Scores

CVSS v3 8.8

EPSS 0.0007

EPSS Percentile 21.0%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-121

Status published

Products (2)

EVerest/everest-core < 2026.02.0

linuxfoundation/everest < 2026.02.0

Published Mar 26, 2026

Tracked Since Mar 26, 2026