NextGuard
UNKNOWNCVE-2026-33009

EVerest: MQTT Switch-Phases Command Data Race Causing Charger State Corruptio

Platform

other

Component

everest

Fixed in

2026.02.0

View on NVD

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to C++ UB (potential memory corruption). This is triggered by an MQTT `everest_external/nodered/{connector}/cmd/switch_three_phases_while_charging` message and results in `Charger::shared_context` / `internal_context` accessed concurrently without lock. Version 2026.02.0 contains a patch.

How to fix

Actualice EVerest a la versión 2026.02.0 o posterior. Esta versión contiene la corrección para la condición de carrera que causa la corrupción del estado del cargador.

Monitor your dependencies automatically

Get notified when new vulnerabilities affect your projects. Free forever.

Start free
CVE-2026-33009 — Vulnerability Details | NextGuard | NextGuard