CVE-2026-22593 is a stack-based buffer overflow vulnerability identified in the EVerest everest-core software, which is part of an EV charging software stack. The root cause is an off-by-one error (CWE-193) in the IsoMux certificate filename handling logic. Specifically, when a filename in the certificate directory has a length exactly equal to MAX_FILE_NAME_LENGTH (100 characters), the code incorrectly performs boundary checks, allowing an overflow of the file_names array on the stack. This overflow corrupts adjacent stack memory, including control data, which can be leveraged by an attacker to execute arbitrary code with the privileges of the everest-core process. The vulnerability does not require any privileges or user interaction to exploit, making it more dangerous. The flaw was patched in version 2026.02.0 of everest-core. The CVSS v3.1 base score is 8.4, reflecting high impact on confidentiality, integrity, and availability, with low attack complexity and no privileges or user interaction required. Although no known exploits have been reported in the wild, the vulnerability poses a significant risk to EV charging infrastructure security, potentially allowing attackers to disrupt charging services or manipulate charging data.

The exploitation of CVE-2026-22593 could have severe consequences for organizations operating EV charging infrastructure using vulnerable versions of everest-core. Successful exploitation can lead to arbitrary code execution, allowing attackers to compromise the confidentiality, integrity, and availability of the charging system. This could result in unauthorized control over charging sessions, manipulation of billing or usage data, disruption of charging services, or pivoting into broader enterprise networks. Given the critical role of EV charging infrastructure in transportation and energy sectors, such disruptions could impact end users, operators, and energy providers. The vulnerability’s ease of exploitation without authentication or user interaction increases the risk of automated or remote attacks. While no exploits are currently known in the wild, the potential for impactful attacks on critical infrastructure warrants urgent remediation.

To mitigate this vulnerability, organizations should immediately upgrade everest-core to version 2026.02.0 or later, where the off-by-one error has been patched. Until upgrades can be applied, organizations should implement strict input validation and filtering on certificate filenames to ensure they do not reach the maximum length that triggers the overflow. Restricting access to the certificate directory to trusted administrators only can reduce the risk of an attacker placing malicious filenames. Employ runtime protections such as stack canaries, address space layout randomization (ASLR), and control flow integrity (CFI) to make exploitation more difficult. Regularly audit and monitor logs for suspicious file creation or modification events in the certificate directories. Additionally, segment EV charging infrastructure networks from corporate and critical operational networks to limit lateral movement if compromise occurs. Finally, maintain an incident response plan specific to EV infrastructure to quickly address any exploitation attempts.