CVE-2026-26073— EVerest 安全漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2026-26073の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
EVerest: OCPP 1.6 heap corruption caused by lock-free insertion in event_queue
ソース: NVD (National Vulnerability Database)
脆弱性説明
EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible `std::queue`/`std::deque` corruption. The trigger is powermeter public key update and EV session/error events (while OCPP not started). This results in a TSAN data race report and an ASAN/UBSAN misaligned address runtime error being observed. Version 2026.02.0 contains a patch.
ソース: NVD (National Vulnerability Database)
CVSS情報
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
堆缓冲区溢出
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
EVerest 安全漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
EVerest是EVerest开源的一个电动汽车充电桩的固件。 EVerest 2026.02.0之前版本存在安全漏洞,该漏洞源于数据竞争,可能导致队列或双端队列损坏。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
| ベンダー | プロダクト | 影響を受けるバージョン | CPE | 購読 |
|---|---|---|---|---|
| EVerest | everest-core | < 2026.02.0 | - |
II. CVE-2026-26073の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2026-26073のインテリジェンス情報
请登录查看更多情报信息。
Same Patch Batch · EVerest · 2026-03-26 · 18 CVEs total
| CVE-2026-22790 | 8.8 HIGH | EVerest's unchecked SLAC payload length causes stack overflow in HomeplugMessage::setup_pa |
| CVE-2026-22593 | 8.4 HIGH | EVerest has off-by-one stack buffer overflow in IsoMux certificate filename parsing |
| CVE-2026-23995 | 8.4 HIGH | EVerest has stack buffer overflow in ifreq.ifr_name when interface name exceeds IFNAMSIZ |
| CVE-2026-33009 | 8.2 HIGH | EVerest: MQTT Switch-Phases Command Data Race Causing Charger State Corruptio |
| CVE-2026-26008 | 7.5 HIGH | EVerest has OOB via EVSE ID Indexing Mismatch in OCPP 2.0.1 UpdateAllowedEnergyTransferMod |
| CVE-2026-26074 | 7.0 HIGH | EVerest: OCPP201 startup event_queue lock mismatch leads to std::map/std::queue data race |
| CVE-2026-27813 | 5.3 MEDIUM | EVerest has use-after-free in auth timeout timer via race condition |
| CVE-2026-33015 | 5.2 MEDIUM | EVerest has RemoteStop Bypass via BCB Toggle Session Restart |
| CVE-2026-33014 | 5.2 MEDIUM | EVerest has Delayed Authorization Response Bypasses Termination After RemoteStop |
| CVE-2026-29044 | 5.0 MEDIUM | EVerest: Charging Continues When WithdrawAuthorization Is Processed Before TransactionStar |
| CVE-2026-26070 | 4.6 MEDIUM | EVerest: OCPP 2.0.1 EV SoC Update Race Causes Charge Point Crash |
| CVE-2026-27814 | 4.2 MEDIUM | EVerest EvseManager phase-switch path has unsynchronized shared-state access race conditio |
| CVE-2026-26071 | 4.2 MEDIUM | EVerest: OCPP 2.0.1 EVCCID Data Race Leads to Heap Use‑After‑Free |
| CVE-2026-26072 | 4.2 MEDIUM | EVerest has race-condition-induced std::map corruption in OCPP 1.6 evse_soc_map |
| CVE-2026-27815 | EVerest: ISO15118 session_setup payment options overflow can corrupt EVSE state | |
| CVE-2026-27816 | EVerest's ISO15118 update_energy_transfer_modes overflow can corrupt EVSE state | |
| CVE-2026-27828 | EVerest: ISO15118 session_setup use-after-free can crash EVSE process |
IV. 関連脆弱性
同じ製品: everest-core
- CVE-2026-33015
EVerest has RemoteStop Bypass via BCB Toggle Session Restart - CVE-2026-33014
EVerest has Delayed Authorization Response Bypasses Terminat - CVE-2026-33009
EVerest: MQTT Switch-Phases Command Data Race Causing Charge - CVE-2026-29044
EVerest: Charging Continues When WithdrawAuthorization Is Pr - CVE-2026-27828
EVerest: ISO15118 session_setup use-after-free can crash EVS
同じベンダー: EVerest
- CVE-2026-33015
EVerest has RemoteStop Bypass via BCB Toggle Session Restart - CVE-2026-33014
EVerest has Delayed Authorization Response Bypasses Terminat - CVE-2026-33009
EVerest: MQTT Switch-Phases Command Data Race Causing Charge - CVE-2026-29044
EVerest: Charging Continues When WithdrawAuthorization Is Pr - CVE-2026-27828
EVerest: ISO15118 session_setup use-after-free can crash EVS
同じ弱点: CWE-122
- CVE-2026-8261
Squirrel sqobject.cpp Load heap-based overflow - CVE-2026-8213
OSGeo gdal Grid File GDapi.c GDSDfldsrch heap-based overflow - CVE-2026-8212
OSGeo gdal SWapi.c SWSDfldsrch heap-based overflow - CVE-2026-42309
Pillow: Heap buffer overflow with nested list coordinates - CVE-2026-45130
Vim: Heap Buffer Overflow in spell file loading
V. CVE-2026-26073へのコメント
まだコメントはありません