CVE-2026-27816
Published: 26 March 2026
Summary
CVE-2026-27816 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Linuxfoundation Everest. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 13.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-10 requires validation of information inputs at defined points, directly preventing oversized MQTT payloads from triggering the buffer overflow in handle_update_energy_transfer_modes.
SI-2 mandates timely identification, reporting, and patching of flaws, addressing the buffer overflow vulnerability fixed in EVerest version 2026.02.0.
SI-16 implements memory protections such as stack canaries or DEP, mitigating out-of-bounds writes that corrupt EVSE state or crash the process.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in network-exposed EV charging software (MQTT handler) directly enables remote unauthenticated exploitation of a public-facing application (T1190) and results in process crashes or state corruption via application exploitation (T1499.004).
NVD Description
EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118_chargerImpl::handle_update_energy_transfer_modes copies a variable-length list into a fixed-size array of length 6 without bounds checking. With schema validation disabled by default, oversized MQTT Cmd payloads can trigger out-of-bounds…
more
writes and corrupt adjacent EVSE state or crash the process. Version 2026.02.0 contains a patch.
Deeper analysisAI
CVE-2026-27816 is a buffer overflow vulnerability (CWE-787) in the EVerest EV charging software stack, affecting versions prior to 2026.02.0. The issue resides in the ISO15118_chargerImpl::handle_update_energy_transfer_modes function, which copies a variable-length list into a fixed-size array of length 6 without performing bounds checking. This flaw has a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H), indicating critical severity due to high integrity and availability impacts.
Unauthenticated attackers can exploit this vulnerability remotely over the network with low complexity and no user interaction required. By sending oversized MQTT command payloads—possible because schema validation is disabled by default—attackers can trigger out-of-bounds writes. This may corrupt adjacent EVSE state or cause the process to crash, potentially disrupting EV charging operations.
The EVerest GitHub security advisory (GHSA-gq54-j8f4-xj8c) confirms that version 2026.02.0 includes a patch to address the bounds checking issue. Security practitioners should upgrade to this version or later and consider enabling schema validation where feasible to mitigate risks from malformed MQTT payloads.
Details
- CWE(s)