CVE-2026-23995
Published: 26 March 2026
Summary
CVE-2026-23995 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Linux Foundation EVerest. Its CVSS base score is 8.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 0.3rd percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-10 requires validation of information inputs, such as interface names, so that a name exceeding the IFNAMSIZ limit is rejected before it can overflow a buffer.
SI-16 enforces memory protections such as stack canaries, DEP, and ASLR to block code execution from stack buffer overflows.
SI-2 mandates timely flaw remediation by applying the patch in EVerest version 2026.02.0 to fix the buffer overflow vulnerability.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Local stack buffer overflow enabling arbitrary code execution with no privileges required.
NVD Description
EVerest is an EV charging software stack. Prior to version 2026.02.0, stack-based buffer overflow in CAN interface initialization: passing an interface name longer than IFNAMSIZ (16) to CAN open routines overflows `ifreq.ifr_name`, corrupting adjacent stack data and enabling potential code execution. A malicious or misconfigured interface name can trigger this before any privilege checks. Version 2026.02.0 contains a patch.
Deeper analysis
CVE-2026-23995 is a stack-based buffer overflow vulnerability (CWE-121) in the EVerest EV charging software stack, affecting versions prior to 2026.02.0. The issue occurs during CAN interface initialization when an interface name longer than IFNAMSIZ (16 bytes) is passed to CAN open routines, overflowing the `ifreq.ifr_name` buffer and corrupting adjacent stack data. This can enable potential arbitrary code execution.
A local attacker with no privileges required (PR:N) can exploit this vulnerability with low complexity (AC:L) and no user interaction (UI:N), as scored at CVSS 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). By providing a malicious or misconfigured interface name, the attacker can trigger the overflow before any privilege checks, potentially achieving high-impact confidentiality, integrity, and availability violations, including code execution on the affected system.
The GitHub Security Advisory (GHSA-p47c-2jpr-mpwx) confirms that EVerest version 2026.02.0 addresses the vulnerability with a patch. Security practitioners should upgrade to this version or later to mitigate the risk.
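The SI-10 style input check for this bug class, as an added example that is not EVerest's code or its patch: a hypothetical helper, `set_ifname_checked`, that rejects any interface name that does not fit in `ifreq.ifr_name` together with its terminating NUL before copying it. The sample interface names are constructed.

```c
#define _DEFAULT_SOURCE          /* glibc: expose struct ifreq and strnlen */
#include <net/if.h>              /* struct ifreq, IFNAMSIZ */
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper (not from EVerest): fill ifr->ifr_name from an
 * untrusted name. Returns 0 on success, -1 if the name is NULL, empty,
 * or too long to fit in IFNAMSIZ bytes including the terminating NUL.
 *
 * The overflow class described on this page arises when a name is copied
 * into ifr_name without such a bound (assumption: e.g. an unbounded
 * strcpy-style copy); here the length is checked first and *ifr is left
 * untouched on rejection.
 */
int set_ifname_checked(struct ifreq *ifr, const char *name)
{
    if (ifr == NULL || name == NULL)
        return -1;

    /* strnlen never reads past IFNAMSIZ bytes of the input. */
    size_t len = strnlen(name, IFNAMSIZ);
    if (len == 0 || len >= IFNAMSIZ)
        return -1;               /* no room left for the NUL terminator */

    memset(ifr, 0, sizeof *ifr); /* zero-fill also provides the terminator */
    memcpy(ifr->ifr_name, name, len);
    return 0;
}

int main(void)
{
    /* Constructed sample inputs: valid, 15 chars (max), 16 chars, long. */
    const char *samples[] = {
        "can0", "abcdefghijklmno", "abcdefghijklmnop",
        "can0_with_a_name_far_beyond_the_limit",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct ifreq ifr;
        int rc = set_ifname_checked(&ifr, samples[i]);
        printf("%-40s -> %s\n", samples[i], rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

On rejection the caller should fail the CAN open call outright rather than truncate the name, since a truncated name may refer to a different interface.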
Details
- CWE(s)