
EVerest — Vulnerabilities & Security Advisories 33

Browse all 33 CVE security advisories affecting EVerest. AI-powered Chinese analysis, POCs, and references for each vulnerability.

EVerest functions as an enterprise-grade identity and access management solution, primarily facilitating single sign-on and user lifecycle automation for large organizations. Security audits have identified thirty-three Common Vulnerabilities and Exposures (CVEs) associated with the platform, indicating a persistent attack surface. Historically, these flaws predominantly involve remote code execution and cross-site scripting, allowing attackers to inject malicious scripts or execute arbitrary commands within the application environment. Additionally, several incidents highlight privilege escalation vulnerabilities, where authenticated users could bypass authorization controls to access restricted administrative functions. While specific major breaches involving EVerest remain less publicized compared to broader identity provider outages, the cumulative nature of these CVEs suggests systemic weaknesses in input validation and session management. Organizations utilizing this software must prioritize rigorous patching and continuous monitoring to mitigate risks associated with these documented exploitation vectors.

Top products by EVerest: everest-core, libocpp
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-33015 | EVerest has RemoteStop Bypass via BCB Toggle Session Restart | everest-core | CWE-863 | 5.2 | Medium | 2026-03-26 |
| CVE-2026-33014 | EVerest has Delayed Authorization Response Bypasses Termination After RemoteStop | everest-core | CWE-863 | 5.2 | Medium | 2026-03-26 |
| CVE-2026-33009 | EVerest: MQTT Switch-Phases Command Data Race Causing Charger State Corruption | everest-core | CWE-362 | 8.2 | High | 2026-03-26 |
| CVE-2026-29044 | EVerest: Charging Continues When WithdrawAuthorization Is Processed Before TransactionStarted | everest-core | CWE-863 | 5.0 | Medium | 2026-03-26 |
| CVE-2026-27828 | EVerest: ISO15118 session_setup use-after-free can crash EVSE process | everest-core | CWE-416 | 7.5 | - | 2026-03-26 |
| CVE-2026-27816 | EVerest's ISO15118 update_energy_transfer_modes overflow can corrupt EVSE state | everest-core | CWE-787 | 8.2 | - | 2026-03-26 |
| CVE-2026-27815 | EVerest: ISO15118 session_setup payment options overflow can corrupt EVSE state | everest-core | CWE-787 | 8.2 | - | 2026-03-26 |
| CVE-2026-27814 | EVerest EvseManager phase-switch path has unsynchronized shared-state access race condition | everest-core | CWE-362 | 4.2 | Medium | 2026-03-26 |
| CVE-2026-27813 | EVerest has use-after-free in auth timeout timer via race condition | everest-core | CWE-416 | 5.3 | Medium | 2026-03-26 |
| CVE-2026-26074 | EVerest: OCPP201 startup event_queue lock mismatch leads to std::map/std::queue data race | everest-core | CWE-362 | 7.0 | High | 2026-03-26 |
| CVE-2026-26073 | EVerest: OCPP 1.6 heap corruption caused by lock-free insertion in event_queue | everest-core | CWE-122 | 5.9 | Medium | 2026-03-26 |
| CVE-2026-26072 | EVerest has race-condition-induced std::map corruption in OCPP 1.6 evse_soc_map | everest-core | CWE-362 | 4.2 | Medium | 2026-03-26 |
| CVE-2026-26071 | EVerest: OCPP 2.0.1 EVCCID Data Race Leads to Heap Use-After-Free | everest-core | CWE-362 | 4.2 | Medium | 2026-03-26 |
| CVE-2026-26070 | EVerest: OCPP 2.0.1 EV SoC Update Race Causes Charge Point Crash | everest-core | CWE-362 | 4.6 | Medium | 2026-03-26 |
| CVE-2026-26008 | EVerest has OOB via EVSE ID Indexing Mismatch in OCPP 2.0.1 UpdateAllowedEnergyTransferModes | everest-core | CWE-125 | 7.5 | High | 2026-03-26 |
| CVE-2026-23995 | EVerest has stack buffer overflow in ifreq.ifr_name when interface name exceeds IFNAMSIZ | everest-core | CWE-121 | 8.4 | High | 2026-03-26 |
| CVE-2026-22790 | EVerest's unchecked SLAC payload length causes stack overflow in HomeplugMessage::setup_payload | everest-core | CWE-121 | 8.8 | High | 2026-03-26 |
| CVE-2026-22593 | EVerest has off-by-one stack buffer overflow in IsoMux certificate filename parsing | everest-core | CWE-193 | 8.4 | High | 2026-03-26 |
| CVE-2026-24003 | EvseV2G has sequence state validation bypass | everest-core | CWE-287 | 4.3 | Medium | 2026-01-26 |
| CVE-2025-68141 | EVerest vulnerable to null pointer dereference during DC_ChargeLoopRes document deserialization | everest-core | CWE-476 | 7.4 | High | 2026-01-21 |
| CVE-2025-68140 | EVerest allows null session ID to bypass session ID verification | everest-core | CWE-863 | 4.3 | Medium | 2026-01-21 |
| CVE-2025-68139 | In EVerest, by default, the EV is responsible for closing the connection if the module encounters an error during request processing | everest-core | CWE-384 | 4.3 | Medium | 2026-01-21 |
| CVE-2025-68138 | EVerest affected by memory exhaustion in libocpp | everest-core | CWE-770 | 4.7 | Medium | 2026-01-21 |
| CVE-2026-23955 | EVerest vulnerable to concatenation of strings literal and integers | everest-core | CWE-1046 | 4.2 | Medium | 2026-01-21 |
| CVE-2025-68137 | EVerest's Integer Overflow and Signed to Unsigned conversion lead to either stack buffer overflow or infinite loop | everest-core | CWE-120 | 8.4 | High | 2026-01-21 |
| CVE-2025-68136 | EVerest's inadequate session handling can lead to memory-related errors or exhaustion of the operating system’s file descriptors, resulting in a denial of service | everest-core | CWE-770 | 7.4 | High | 2026-01-21 |
| CVE-2025-68135 | EVerest's inadequate exception handling leads to denial of service | everest-core | CWE-703 | 6.5 | Medium | 2026-01-21 |
| CVE-2025-68134 | EVerest's use of assert functions can potentially lead to denial of service | everest-core | CWE-20 | 7.4 | High | 2026-01-21 |
| CVE-2025-68132 | EVerest has out-of-bounds read in DZG_GSH01 SLIP CRC parser that can crash powermeter driver | everest-core | CWE-125 | 9.1 (AI) | Critical (AI) | 2026-01-21 |
| CVE-2025-68133 | EVerest's unlimited connections can lead to DoS through operating system resource exhaustion | everest-core | CWE-770 | 7.4 | High | 2026-01-21 |

This page lists every published CVE security advisory associated with EVerest. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.