CVE-2026-22593
Received - Intake
Stack-Based Buffer Overflow in EVerest IsoMux Certificate Handling

Publication date: 2026-03-26

Last updated on: 2026-03-31

Assigner: GitHub, Inc.

Description
EVerest is an EV charging software stack. Prior to version 2026.02.0, an off-by-one check in IsoMux certificate filename handling causes a stack-based buffer overflow when a filename length equals `MAX_FILE_NAME_LENGTH` (100). A crafted filename in the certificate directory can overflow `file_names[idx]`, corrupting stack state and enabling potential code execution. Version 2026.02.0 contains a patch.
Meta Information
Generated: 2026-06-16
AI Q&A: 2026-03-26
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Vendor: linuxfoundation
Product: everest
Version / Range: up to 2026.02.0 (exclusive)
CWE
CWE-193: A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.
Compliance Impact

This vulnerability allows an attacker with local access and no privileges to cause a stack-based buffer overflow, potentially leading to arbitrary code execution and full compromise of confidentiality, integrity, and availability of the affected system.

Such a compromise can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and system integrity to prevent unauthorized access and data breaches.

Therefore, if exploited, this vulnerability could lead to violations of these regulations due to potential unauthorized disclosure, alteration, or disruption of protected data.

Executive Summary

CVE-2026-22593 is a high-severity off-by-one stack buffer overflow vulnerability in the IsoMux certificate filename parsing within the everest-core package of the EVerest EV charging software stack.

The flaw occurs because the code incorrectly allows filenames with a length equal to the maximum allowed length (100 bytes) to pass a boundary check. When such a filename is copied into a fixed-size 100-byte buffer using strcpy, it causes a one-byte overflow beyond the buffer boundary.

This overflow corrupts the stack state and can potentially lead to arbitrary code execution. The vulnerability can be triggered by an attacker who can place or influence files with crafted filenames in the certificate directory scanned by the software.
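The off-by-one described above, as an added illustration that is not EVerest's own code: the guard functions, `store_name`, `strcpy_bytes` and `MAX_FILES` are hypothetical names, and only `MAX_FILE_NAME_LENGTH` (100) and the `file_names[idx]` table come from the advisory. It puts the flawed length guard beside a corrected one and shows a bounded store that rejects the 100-byte name.

```c
#include <stdio.h>
#include <string.h>

#define MAX_FILE_NAME_LENGTH 100 /* limit stated in the advisory */
#define MAX_FILES 4              /* assumed table size for this sketch */

/* Flawed guard (constructed): a name whose length EQUALS the limit passes. */
static int flawed_guard_accepts(const char *name) {
    return strlen(name) <= MAX_FILE_NAME_LENGTH;
}

/* Corrected guard: the name plus its terminating NUL must fit. */
static int fixed_guard_accepts(const char *name) {
    return strlen(name) < MAX_FILE_NAME_LENGTH;
}

/* Bytes strcpy() writes for this name: its length plus the NUL. */
static size_t strcpy_bytes(const char *name) {
    return strlen(name) + 1;
}

/* Hardened store: rejects oversize names and bad indexes instead of
 * truncating or overflowing. Returns 0 on success, -1 on rejection. */
static int store_name(char file_names[][MAX_FILE_NAME_LENGTH], size_t slots,
                      size_t idx, const char *name) {
    if (name == NULL || idx >= slots || !fixed_guard_accepts(name))
        return -1;
    memcpy(file_names[idx], name, strlen(name) + 1);
    return 0;
}

int main(void) {
    char file_names[MAX_FILES][MAX_FILE_NAME_LENGTH];
    char name[MAX_FILE_NAME_LENGTH + 1]; /* constructed sample input */
    size_t len;

    for (len = 99; len <= 100; len++) {
        memset(name, 'a', len);
        name[len] = '\0';
        printf("len=%zu strcpy_bytes=%zu flawed=%d fixed=%d stored=%d\n",
               len, strcpy_bytes(name), flawed_guard_accepts(name),
               fixed_guard_accepts(name),
               store_name(file_names, MAX_FILES, len - 99, name));
    }
    return 0;
}
```

For the 100-byte name, `strcpy` would write 101 bytes into a 100-byte slot; the corrected guard and `store_name` reject it, while the 99-byte name is stored normally.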

Impact Analysis

This vulnerability allows an attacker with local access and no privileges to cause a stack-based buffer overflow, which can corrupt the stack state.

The impact includes potential arbitrary code execution, leading to a full compromise of the affected system's confidentiality, integrity, and availability.

Because the attack complexity is low and no user interaction or privileges are required, the risk is significant for systems running vulnerable versions.

Detection Guidance

This vulnerability occurs when the software scans a directory containing certificate filenames of exactly 100 characters, causing a stack-based buffer overflow. Detection involves checking for the presence of such filenames in the PKI/CA certificate directory used by the everest-core package.

You can detect potentially malicious files by listing files with names of length 100 in the certificate directory. For example, using a command like:

  • find /path/to/certificate/directory -type f -name '????????????????????????????????????????????????????????????????????????????????????????????????????'

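This command searches for files with exactly 100 characters in their filename (each '?' matches one character). The buffer limit is measured in bytes, so in a multibyte locale a name containing non-ASCII characters can be 100 bytes long without matching this 100-character pattern. Identifying such files can help detect attempts to exploit this vulnerability.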

Additionally, monitoring application logs or running the software under debugging tools like AddressSanitizer can reveal stack-buffer-overflow errors triggered by these filenames.

Mitigation Strategies

The primary mitigation is to upgrade the everest-core package to version 2026.02.0 or later, where the off-by-one stack buffer overflow vulnerability has been patched.

Until the upgrade can be applied, ensure that no files with filenames of length exactly 100 characters exist in the certificate directory used by the IsoMux component, as these trigger the overflow.

Restrict local access to the system and the certificate directory to trusted users only, since the attack requires local file placement.

Consider monitoring the system for unusual crashes or behavior indicative of exploitation attempts.
