Platform
other
Component
everest
Fixed in
2026.02.0
CVE-2026-22790 describes a remote code execution (RCE) vulnerability within EVerest Core, an EV charging software stack. This flaw arises from a trust issue with the len parameter after an assert in the HomeplugMessage::setup_payload function. In release builds, a crucial check is removed, allowing oversized SLAC payloads to be memcpy'd into a stack buffer, potentially corrupting the stack and enabling attackers to execute arbitrary code. The vulnerability affects versions of EVerest Core prior to 2026.02.0, and a patch is available in version 2026.02.0.
The impact of CVE-2026-22790 is severe, as it allows for remote code execution. An attacker can craft malicious SLAC payloads and send them over the network to a vulnerable EVerest Core instance. Due to the stack buffer overflow, the attacker can overwrite critical data on the stack, potentially gaining control of the charging station's system. This could lead to unauthorized access to sensitive data, manipulation of charging processes, or even complete compromise of the charging infrastructure. The blast radius extends to any device or system connected to the affected EVerest Core instance, potentially impacting the entire EV charging network. This vulnerability shares similarities with other stack-based buffer overflow exploits, where carefully crafted input can hijack program execution.
CVE-2026-22790 was publicly disclosed on March 26, 2026. Its severity is considered HIGH, indicating a significant risk. As of the current date, there is no indication of active exploitation campaigns targeting this vulnerability. No public proof-of-concept (PoC) code has been released. The vulnerability has not yet been added to the CISA KEV catalog.
Exploit Status
EPSS
0.06% (20% percentile)
CISA SSVC
The primary mitigation for CVE-2026-22790 is to upgrade EVerest Core to version 2026.02.0 or later, which includes the necessary patch. If upgrading immediately is not feasible, consider implementing temporary workarounds. Network segmentation can limit the attack surface by isolating the EVerest Core instance from untrusted networks. Monitor network traffic for unusually large SLAC payloads, as these could indicate an attempted exploit. While a WAF or proxy may not directly prevent the overflow, it can be configured to filter out suspicious SLAC traffic. After upgrading to the patched version, verify the fix by sending a test SLAC payload designed to trigger the original vulnerability and confirming that it no longer results in a crash or unexpected behavior.
Update EVerest to version 2026.02.0 or later. This version contains a fix to prevent the buffer overflow in the `HomeplugMessage::setup_payload` function.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-22790 is a remote code execution vulnerability in EVerest Core versions prior to 2026.02.0. It allows attackers to execute arbitrary code by exploiting a stack buffer overflow caused by oversized SLAC payloads.
You are affected if you are using EVerest Core version 2026.02.0 or earlier. Upgrade to version 2026.02.0 to mitigate the risk.
Upgrade EVerest Core to version 2026.02.0 or later. As a temporary workaround, consider network segmentation and monitoring for suspicious SLAC traffic.
As of now, there is no evidence of active exploitation campaigns targeting CVE-2026-22790.
Refer to the official EVerest documentation and security advisories on their website for the latest information and updates regarding CVE-2026-22790.
CVSS Vector
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.