Plataforma
other
Componente
everest-core
Corregido en
2025.12.2
CVE-2026-24003 describes an authentication bypass vulnerability discovered in Everest-Core, an EV charging software stack. This flaw allows attackers to circumvent sequence state verification, potentially manipulating the charging process and injecting illegitimate data. The vulnerability affects versions up to 2025.12.1, and a patch is available in version 2025.12.2.
Successful exploitation of CVE-2026-24003 could allow an attacker to manipulate the EV charging process without proper authentication. This could lead to unauthorized charging sessions, potentially incurring costs for the legitimate user or the charging station operator. The attacker could also potentially alter the charging parameters, leading to safety concerns or damage to the electric vehicle. While the description notes limitations preventing transitions out of the WaitingForAuthentication state, the ability to bypass authentication and manipulate state transitions represents a significant security risk.
CVE-2026-24003 was publicly disclosed on January 26, 2026. The vulnerability's impact stems from the ability to bypass authentication, a common attack vector in charging infrastructure. There is currently no indication of active exploitation or inclusion in the CISA KEV catalog. Public proof-of-concept code is not yet available.
Organizations and individuals deploying Everest-Core for EV charging infrastructure are at risk. This includes EV charging station operators, fleet managers, and users of electric vehicles who rely on these charging stations. Legacy deployments using older versions of Everest-Core are particularly vulnerable.
• linux / server: Monitor ISO 15118-2 communication logs for unexpected state transitions or authentication attempts. Use journalctl -f to observe real-time log activity.
journalctl -f | grep "state_transition" | grep "authentication"• generic web: Monitor network traffic for unusual ISO 15118-2 requests. Use curl to test the charging endpoint and observe the response headers and body for signs of manipulation.
curl -v https://<everest-core-endpoint>/iso15118disclosure
Estado del Exploit
EPSS
0.23% (45% percentil)
CISA SSVC
Vector CVSS
The primary mitigation for CVE-2026-24003 is to upgrade Everest-Core to version 2025.12.2 or later, which includes the fix for this vulnerability. If an immediate upgrade is not possible, consider implementing stricter access controls and monitoring charging sessions for suspicious activity. While specific WAF rules or proxy configurations are not detailed, monitoring for unusual ISO 15118-2 communication patterns could provide an early warning of potential exploitation attempts. After upgrading, verify the fix by attempting to initiate a charging session without proper authentication and confirming that the state verification is enforced.
Actualizar a una versión posterior a 2025.12.1 cuando esté disponible. Actualmente no hay versiones fijas disponibles. Monitorear el repositorio de EVerest para actualizaciones y aplicar el parche de seguridad tan pronto como se publique.
Análisis de vulnerabilidades y alertas críticas directamente en tu correo.
CVE-2026-24003 is a medium-severity vulnerability in Everest-Core versions up to 2025.12.1 that allows attackers to bypass authentication and manipulate charging states.
You are affected if you are using Everest-Core version 2025.12.1 or earlier. Upgrade to version 2025.12.2 or later to mitigate the risk.
Upgrade Everest-Core to version 2025.12.2 or later. If immediate upgrade is not possible, implement stricter access controls and monitor charging sessions.
There is currently no indication of active exploitation of CVE-2026-24003.
Refer to the official Everest-Core documentation and security advisories for the latest information regarding CVE-2026-24003.
Sube tu archivo de dependencias y detecta esta y otras CVEs al instante.