CVE-2026-9038
Awaiting Analysis Awaiting Analysis - Queue
Stack-Based Buffer Overflow in Charging Controller Firmware

Publication date: 2026-05-28

Last updated on: 2026-05-28

Assigner: ICS-CERT

Description
A stack-based buffer overflow vulnerability in the charging controller’s signal-processing logic allows an attacker with physical access to the charging interface to supply message fields that exceed expected bounds. Because the input is not sufficiently validated, memory corruption may occur, which can lead to execution of unauthorized code with elevated privileges.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-28
Last Modified
2026-05-28
Generated
2026-06-18
AI Q&A
2026-05-29
EPSS Evaluated
2026-06-16
NVD
CVE-2026-9038
EUVD
EUVD-2026-33003
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a stack-based buffer overflow in the charging controller's signal-processing logic. It occurs because the controller does not properly validate the size of message fields supplied through the charging interface. An attacker with physical access can send message fields that exceed the expected size limits, causing memory corruption.

This memory corruption can lead to the execution of unauthorized code with elevated privileges, meaning the attacker could potentially take control of the device or system.

Impact Analysis

The impact of this vulnerability includes the possibility of an attacker executing unauthorized code with elevated privileges on the affected device. This could lead to full control over the charging controller or the system it is part of.

Because the attacker needs physical access to the charging interface, remote exploitation is not possible, but physical compromise could result in significant security breaches.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9038. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart