CVE-2026-26074
Received - Intake
Data Race in EVerest EV Charging Software Causes Map Corruption

Publication date: 2026-03-26

Last updated on: 2026-03-30

Assigner: GitHub, Inc.

Description
EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible `std::map<std::queue>` corruption. The trigger is a CSMS GetLog/UpdateFirmware request (network) combined with an EVSE fault event (physical). As a result, TSAN reports concurrent access (data race) to `event_queue`. Version 2026.2.0 contains a patch.
Meta Information
Published: 2026-03-26
Last Modified: 2026-03-30
Generated: 2026-05-07
AI Q&A: 2026-03-26
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
| Vendor | Product | Version / Range |
| --- | --- | --- |
| linuxfoundation | everest | to 2026.02.0 (exc) |
CWE
| CWE ID | Description |
| --- | --- |
| CWE-362 | The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently. |
AI Powered Q&A
How can this vulnerability impact me?

This vulnerability can lead to corruption of internal data structures within the EVerest EV charging software, potentially causing system crashes or undefined behavior.

Such crashes or memory corruption could disrupt EV charging operations, leading to service outages or failures in processing critical events like firmware updates or fault notifications.

In a deployed environment, this could result in reduced reliability and availability of the EV charging system, impacting users and operators.


Can you explain this vulnerability to me?

CVE-2026-26074 is a concurrency vulnerability in the EVerest EV charging software stack, specifically in the OCPP201 module's event handling system.

The issue arises from a data race condition involving the `event_queue`, which is a `std::map` of `std::queue` containers used to store various event types such as error events, firmware update statuses, and log statuses.

The vulnerability is triggered when a network request like CSMS GetLog or UpdateFirmware is processed simultaneously with a physical EVSE fault event.

The root cause is inconsistent locking: error event handlers use a mutex lock to protect access to the `event_queue`, but firmware update and log status callbacks modify the queue without acquiring this lock.

This leads to unsynchronized concurrent access, causing potential corruption of the internal state of the `std::map` and `std::queue` containers, which can result in crashes, memory corruption, or undefined behavior.

The issue was detected by ThreadSanitizer during testing and fixed in EVerest version 2026.02.0 by ensuring consistent locking.
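The locking mismatch described above, reduced to a self-contained sketch. This is an added example, not EVerest code: only `event_queue` and `session_event_mutex` come from this page, while `EventBuffer`, `QueuedEventType`, the handler names and the sample status strings are hypothetical.

```cpp
#include <cstddef>
#include <map>
#include <mutex>
#include <queue>
#include <string>
#include <thread>

enum class QueuedEventType { Error, FirmwareStatus, LogStatus };  // hypothetical keys

class EventBuffer {  // hypothetical stand-in for the module's event buffering
public:
    // Error-event path: takes the mutex, as the page says it already did.
    void on_error_event(const std::string& e) { push_locked(QueuedEventType::Error, e); }

    // Shape of the flaw (contrast only, never called here): a status callback that
    // skips the mutex. operator[] can insert and rebalance the map's tree while the
    // locked path is walking it, which is the race TSAN reports.
    void on_status_unlocked(QueuedEventType t, const std::string& e) { event_queue[t].push(e); }

    // Consistent locking: status callbacks take the same mutex as the error path.
    void on_status(QueuedEventType t, const std::string& e) { push_locked(t, e); }

    std::size_t pending(QueuedEventType t) {
        std::lock_guard<std::mutex> lk(session_event_mutex);  // reads need the lock too
        auto it = event_queue.find(t);
        return it == event_queue.end() ? 0 : it->second.size();
    }

private:
    void push_locked(QueuedEventType t, const std::string& e) {
        std::lock_guard<std::mutex> lk(session_event_mutex);
        event_queue[t].push(e);
    }
    std::mutex session_event_mutex;
    std::map<QueuedEventType, std::queue<std::string>> event_queue;
};

// Drives the fault path and both status callbacks concurrently through the locked
// variants and returns the total number of queued events (constructed sample data).
std::size_t run_fixed(int per_thread) {
    EventBuffer buf;
    std::thread fault([&] { for (int i = 0; i < per_thread; ++i) buf.on_error_event("evse_fault"); });
    std::thread fw([&] { for (int i = 0; i < per_thread; ++i) buf.on_status(QueuedEventType::FirmwareStatus, "Downloading"); });
    std::thread lg([&] { for (int i = 0; i < per_thread; ++i) buf.on_status(QueuedEventType::LogStatus, "Uploading"); });
    fault.join(); fw.join(); lg.join();
    return buf.pending(QueuedEventType::Error) + buf.pending(QueuedEventType::FirmwareStatus)
         + buf.pending(QueuedEventType::LogStatus);
}
```

With every writer and reader holding `session_event_mutex`, no events are lost and a `-fsanitize=thread` build of this sketch has nothing to report for `event_queue`.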


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for data races and concurrent unsynchronized access to the `event_queue` container in the EVerest OCPP201 module. ThreadSanitizer (TSAN) was used to detect the data race during unit testing, showing concurrent reads and writes to the `std::map`'s internal structures without proper locking.

To detect this on your system, you can run ThreadSanitizer-enabled builds of the EVerest software and execute tests or operations that trigger simultaneous CSMS GetLog or UpdateFirmware requests along with EVSE fault events.

Suggested commands include running the EVerest test suite with ThreadSanitizer enabled, for example:

  • Compile EVerest with ThreadSanitizer flags (e.g., `-fsanitize=thread`) enabled.
  • Run the unit test that reproduces the issue: `Ocpp201EventQueueTest.EventQueueLockMismatchDataRaceRepro`.
  • Monitor logs for TSAN reports indicating concurrent access to `event_queue`.

What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade the EVerest software to version 2026.02.0 or later, where the data race issue has been fixed by ensuring consistent locking around the `event_queue`.

Until the upgrade can be applied, avoid triggering simultaneous CSMS GetLog or UpdateFirmware requests while EVSE fault events occur, as this concurrency leads to the data race.

Additionally, review and apply any patches or configuration changes that enforce proper mutex locking (`session_event_mutex`) around all accesses to `event_queue`.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

