CVE-2026-27828
Received Received - Intake
Use-After-Free in EVerest ISO15118 Charger Causes Remote Crash

Publication date: 2026-03-26

Last updated on: 2026-03-31

Assigner: GitHub, Inc.

Description
EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118_chargerImpl::handle_session_setup uses v2g_ctx after it has been freed when ISO15118 initialization fails (e.g., no IPv6 link-local address). The EVSE process can be crashed remotely by an attacker with MQTT access who issues a session_setup command while v2g_ctx has been released. Version 2026.02.0 contains a patch.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-26
Last Modified
2026-03-31
Generated
2026-06-16
AI Q&A
2026-03-26
EPSS Evaluated
2026-06-14
NVD
CVE-2026-27828
EUVD
EUVD-2026-16228
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linuxfoundation everest to 2026.02.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-416 The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

Immediate mitigation steps include upgrading the EVerest EVSE software to version 2026.02.0 or later, which contains the patch that fixes the use-after-free vulnerability.

Additional mitigations before upgrading include:

  • Disable or restrict MQTT access to prevent unauthorized session_setup commands.
  • Ensure that the ISO15118 initialization does not fail by verifying network configuration, especially the presence of an IPv6 link-local address.
  • Monitor and restrict command handlers to prevent race conditions and use-after-free scenarios.
Executive Summary

CVE-2026-27828 is a use-after-free vulnerability in the EVerest EV charging software stack, specifically in the ISO15118 session_setup handling. The issue occurs when the software tries to use a context pointer (v2g_ctx) after it has already been freed due to a failed initialization (such as missing an IPv6 link-local address). An attacker with MQTT access can exploit this by sending a session_setup command, causing the software to dereference the freed pointer and crash the EVSE process.

Impact Analysis

This vulnerability can be exploited remotely by an attacker with MQTT access to cause the EVSE process to crash. This results in a denial-of-service (DoS) condition, potentially disrupting EV charging operations and causing service unavailability.

Detection Guidance

This vulnerability can be detected by monitoring the EVSE process for crashes or denial-of-service symptoms triggered by MQTT session_setup commands. Since the issue occurs when an attacker with MQTT access sends a session_setup command after ISO15118 initialization fails, observing unexpected process crashes or logs related to session_setup handling may indicate exploitation attempts.

Commands to detect this might include monitoring the EVSE process logs and MQTT traffic for suspicious session_setup commands, for example using:

  • Use system logs or journalctl to check for EVSE process crashes: `journalctl -u evse.service -f`
  • Capture and analyze MQTT traffic for session_setup commands using tools like `mosquitto_sub` or `tcpdump`: `mosquitto_sub -t 'session_setup' -v` or `tcpdump -i any port 1883`
  • Check for IPv6 link-local address availability on the network interface, since failure to obtain it triggers the vulnerability: `ip -6 addr show`
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-27828. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart