CVE-2026-22790 · HIGH 8.8 · EPSS p40.3%

Description

EVerest is an EV charging software stack. Prior to version 2026.02.0, `HomeplugMessage::setup_payload` trusts `len` after an `assert`; in release builds the check is removed, so oversized SLAC payloads are `memcpy`'d into a ~1497-byte stack buffer, corrupting the stack and enabling remote code execution from network-provided frames. Version 2026.02.0 contains a patch.
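
The failure mode described above, as an added example that is not EVerest's code: a length bound expressed only as `assert` vanishes when `NDEBUG` is defined, while a runtime check does not. All names here are hypothetical, and the guard region is an assumption that stands in for adjacent stack data so the overrun can be observed inside one array.

```cpp
// Added illustration with hypothetical names; this is not EVerest source code.
#define NDEBUG  // release-build setting: assert() expands to nothing
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <cstring>

constexpr std::size_t PAYLOAD_CAP = 1497;  // approximate size from the description
constexpr std::size_t GUARD = 64;          // assumption: models data next to the buffer

struct Frame {
    // Payload is raw[0, PAYLOAD_CAP); the tail is a guard, so an overrun stays in-array.
    std::uint8_t raw[PAYLOAD_CAP + GUARD];
    Frame() { std::memset(raw, 0xAA, sizeof raw); }
    bool guard_intact() const {
        for (std::size_t i = PAYLOAD_CAP; i < sizeof raw; ++i)
            if (raw[i] != 0xAA) return false;
        return true;
    }
};

// Pattern from the description: the only bound on len is an assert.
void setup_payload_assert_only(Frame& f, const void* src, std::size_t len) {
    assert(len <= PAYLOAD_CAP);  // compiled out under NDEBUG
    std::memcpy(f.raw, src, len);
}

// Hardened form: a runtime check that survives every build type.
bool setup_payload_checked(Frame& f, const void* src, std::size_t len) {
    if (src == nullptr || len > PAYLOAD_CAP) return false;  // reject, copy nothing
    std::memcpy(f.raw, src, len);
    return true;
}

// Constructed input: a body GUARD/2 bytes longer than the payload capacity.
bool assert_only_corrupts_guard() {
    std::uint8_t wire[PAYLOAD_CAP + GUARD / 2] = {};
    Frame f;
    setup_payload_assert_only(f, wire, sizeof wire);
    return !f.guard_intact();
}

bool checked_rejects_oversize() {
    std::uint8_t wire[PAYLOAD_CAP + GUARD / 2] = {};
    Frame f;
    return !setup_payload_checked(f, wire, sizeof wire) && f.guard_intact();
}
#undef NDEBUG
#include <cassert>  // restore a working assert() for code that follows
```

Testing and fuzzing the release configuration, not only the debug build, surfaces bounds that exist solely as assertions.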

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.53% probability of exploitation · percentile 40.3% · 2026-06-18T12:00:27Z
Published: 2026-03-26
Last modified: 2026-03-31

Underlying weaknesses · 1

CWE-121

References

  1. https://github.com/EVerest/EVerest/security/advisories/GHSA-wh8w-7cfc-gq7m

Type: Weakness
Target: Stack-based Buffer Overflow (cwe-121)
Confidence: 0%
Tier: live

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.