← Back to CVEs
CVE-2026-23955
MEDIUM4.2
Description
EVerest is an EV charging software stack. Prior to version 2025.9.0, in several places, integer values are concatenated to literal strings when throwing errors. This results in pointers arithmetic instead of printing the integer value as expected, like most of interpreted languages. This can be used by malicious operator to read unintended memory regions, including the heap and the stack. Version 2025.9.0 fixes the issue.
CVE Details
CVSS v3.1 Score4.2
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Attack VectorLOCAL
ComplexityLOW
Privileges RequiredHIGH
User InteractionREQUIRED
Published1/21/2026
Last Modified2/6/2026
Sourcenvd
Honeypot Sightings0
Affected Products
linuxfoundation:everest
Weaknesses (CWE)
CWE-1046
References
https://github.com/EVerest/everest-core/security/advisories/GHSA-px57-jx97-hrff(security-advisories@github.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.