Platform: linux
Component: everest
Fixed in: 2026.02.0
CVE-2026-23995 describes a buffer overflow vulnerability within Everest-Core, an EV charging software stack. This flaw allows an attacker to potentially execute arbitrary code by crafting a malicious CAN interface name exceeding the expected length. Versions of Everest-Core prior to 2026.02.0 are affected, and a patch is available in version 2026.02.0.
The core of this vulnerability lies in the initialization of the CAN interface. When an interface name longer than 16 characters (IFNAMSIZ) is passed to the CAN open routines, it overflows the ifreq.ifr_name buffer on the stack. The overflow can corrupt adjacent stack data, including return addresses or other critical control data. An attacker could then inject malicious code, leading to arbitrary code execution with the privileges of the process running Everest-Core. The lack of privilege checks before this operation amplifies the risk, allowing even unauthenticated or low-privilege actors to trigger the overflow. Successful exploitation could lead to complete system compromise, including data theft, denial of service, and further malicious actions.
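The bounds check that prevents this class of overflow, shown as an added example: this is not EVerest's code, and the function name can_fill_ifreq and the sample interface names are hypothetical. On Linux, ifr_name holds IFNAMSIZ bytes including the terminating NUL, so the check rejects any name of IFNAMSIZ characters or more.

```c
#define _DEFAULT_SOURCE          /* expose struct ifreq / strnlen in strict modes */
#include <errno.h>
#include <net/if.h>              /* struct ifreq, IFNAMSIZ */
#include <stdio.h>
#include <string.h>

/*
 * Unsafe shape of the bug described above (illustrative, not project code):
 *     struct ifreq ifr;
 *     strcpy(ifr.ifr_name, name);   // unbounded: a long name writes past ifr_name
 *
 * Hardened form: validate the length before copying. Returns 0 on success,
 * -EINVAL for a missing or empty name, -ENAMETOOLONG if it cannot fit.
 */
int can_fill_ifreq(struct ifreq *ifr, const char *name)
{
    if (ifr == NULL || name == NULL)
        return -EINVAL;

    /* strnlen inspects at most IFNAMSIZ bytes of the untrusted input. */
    size_t len = strnlen(name, IFNAMSIZ);
    if (len == 0)
        return -EINVAL;
    if (len >= IFNAMSIZ)             /* no room left for the terminating NUL */
        return -ENAMETOOLONG;

    memset(ifr, 0, sizeof(*ifr));    /* zero-fill also supplies the NUL */
    memcpy(ifr->ifr_name, name, len);
    return 0;                        /* ifr is now safe to pass to ioctl() */
}

int main(void)
{
    /* Constructed sample names: a typical one and one exactly 16 characters long. */
    const char *samples[] = { "can0", "can_interface_00" };
    struct ifreq ifr;

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-18s -> %d\n", samples[i], can_fill_ifreq(&ifr, samples[i]));
    return 0;
}
```

Run the check before any SIOCGIFINDEX ioctl or bind() on the CAN socket, so an oversized name is rejected before it reaches a fixed-size buffer.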
This vulnerability was publicly disclosed on March 26, 2026. Currently, there are no known public exploits or active campaigns targeting CVE-2026-23995. The vulnerability is not listed on the CISA KEV catalog. While a proof-of-concept is not yet publicly available, the ease of triggering the buffer overflow suggests a moderate likelihood of exploitation if a suitable exploit is developed.
EPSS: 0.01% (2% percentile)
The primary mitigation for CVE-2026-23995 is to upgrade Everest-Core to version 2026.02.0 or later, which includes the necessary patch. If an immediate upgrade is not feasible due to compatibility issues or system downtime constraints, consider implementing temporary workarounds. Restricting the length of CAN interface names to 16 characters or fewer can prevent the overflow, although this may impact legitimate interface configurations. Network segmentation and strict firewall rules can limit the attack surface by preventing unauthorized access to the CAN interface. Monitor system logs for unusual CAN interface activity or errors related to interface initialization. After upgrading, confirm the fix by attempting to create a CAN interface with a name exceeding 16 characters; the operation should fail with an error indicating the name is too long.
Update EVerest to version 2026.02.0 or later. This version contains a fix for the stack buffer overflow in CAN interface initialization.
CVE-2026-23995 is a buffer overflow vulnerability in Everest-Core versions prior to 2026.02.0. A long CAN interface name can overwrite stack data, potentially leading to code execution.
You are affected if you are running an Everest-Core version prior to 2026.02.0 on a Linux system. Check your version and upgrade immediately.
Upgrade to Everest-Core version 2026.02.0 or later. As a temporary workaround, restrict CAN interface names to 16 characters or fewer.
Currently, there are no confirmed reports of active exploitation, but the vulnerability's nature suggests a potential risk.
Refer to the official Everest-Core documentation and security advisories on the vendor's website for the most up-to-date information.