CVE-2026-27813
Use-After-Free Data Race in EVerest EV Charging Software
Publication date: 2026-03-26
Last updated on: 2026-03-30
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linuxfoundation | everest | up to 2026.02.0 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-416 | The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-27813 is a use-after-free vulnerability caused by a data race in the EVerest EVSE core software, specifically in the timer callback handling within the authentication timeout logic.
The vulnerability occurs because the timer callback function is updated and accessed concurrently by multiple threads without proper synchronization. This happens when external events such as EV plug-in/unplug and authorization events (RFID, RemoteStart, OCPP) trigger overlapping operations on the timer.
Due to this race condition, the timer thread may invoke a callback function that has already been freed or overwritten, leading to undefined behavior such as crashes.
The root cause is that the timer's callback is updated in the timeout() method without locking, while the timer thread may simultaneously execute the callback, causing a data race.
This issue was fixed in version 2026.02.0 by adding proper synchronization to prevent concurrent access to the callback.
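The synchronization pattern described above, as an added illustration that is not EVerest's code or its actual patch: SafeTimer, fire() and stress() are hypothetical names, and only timeout() and the callback member come from the description. Every read and write of the callback goes through one mutex, and the timer thread invokes a copy so the captured state stays alive while it runs.

```cpp
// Added illustration; SafeTimer, fire() and stress() are hypothetical, not EVerest code.
#include <atomic>
#include <functional>
#include <memory>
#include <mutex>
#include <thread>
#include <utility>

class SafeTimer {
public:
    // Called from event threads (plug-in/unplug, RFID, RemoteStart, OCPP).
    void timeout(std::function<void()> cb) {
        std::lock_guard<std::mutex> lock(mtx_);
        callback_ = std::move(cb);  // the old callable is destroyed under the lock
    }
    // Called from the timer thread when the deadline expires.
    void fire() {
        std::function<void()> local;
        {
            std::lock_guard<std::mutex> lock(mtx_);
            local = callback_;      // the copy keeps captured state alive
        }
        if (local) local();         // run unlocked so a callback may re-arm the timer
    }
private:
    std::mutex mtx_;
    std::function<void()> callback_;
};

// One thread keeps replacing the callback (fresh heap state each time) while
// another keeps firing. Returns how many invocations read a wrong value.
int stress(int rounds) {
    std::atomic<int> bad{0};
    std::atomic<bool> stop{false};
    SafeTimer t;
    std::thread timer_thread([&] { while (!stop) t.fire(); });
    for (int i = 0; i < rounds; ++i) {
        auto state = std::make_shared<int>(42);
        t.timeout([state, &bad] { if (*state != 42) ++bad; });
    }
    stop = true;
    timer_thread.join();
    return bad.load();
}
```

Building this with -fsanitize=thread and calling stress() should produce no race report; removing the two lock_guard lines recreates the unsynchronized access to the callback that the description attributes to the vulnerable versions.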
How can this vulnerability impact me?
This vulnerability can lead to crashes or undefined behavior in the EVerest EV charging software stack during normal operation involving EV plug-in/unplug and authorization events.
Specifically, the use-after-free condition may cause the software to access invalid memory, potentially resulting in denial of service due to application crashes.
Since the vulnerability affects the authentication timeout handling, it could disrupt the authorization process for EV charging sessions, impacting availability and reliability.
The CVSS base score of 5.3 indicates a medium severity impact, with high impact on availability and low impact on confidentiality and integrity.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is a data race leading to a use-after-free condition in the EVerest EVSE core software, triggered by concurrent EV plug-in/unplug and authorization events. Detection involves monitoring for race conditions and use-after-free errors in the software.
Tools like ThreadSanitizer (TSAN) can detect data races on the Timer::callback member, and AddressSanitizer (ASAN) can report heap-use-after-free crashes during test teardown.
Suggested commands include running the EVerest EVSE software under ThreadSanitizer and AddressSanitizer to identify race conditions and memory errors. For example:
- Compile the EVerest EVSE software with ThreadSanitizer enabled and run the test suite or reproduce the plug-in/unplug and authorization events to detect data races.
- Compile and run the software with AddressSanitizer to catch use-after-free errors during runtime or shutdown.
- Monitor logs for crashes or undefined behavior related to timer callbacks during authorization or plug-in events.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the EVerest EVSE software to version 2026.02.0 or later, which contains a patch that fixes the race condition and use-after-free vulnerability.
Until the upgrade can be applied, consider minimizing concurrent authorization and plug-in/unplug events or delaying their processing to reduce the chance of triggering the race condition.
Additionally, monitor the system for crashes or abnormal behavior related to timer callbacks and avoid running unpatched versions in production environments.