CVE-2026-22790 is a stack-based buffer overflow vulnerability identified in the EVerest everest-core software, which is part of an EV charging software stack. The vulnerability exists in the function HomeplugMessage::setup_payload, which processes SLAC (Signal Level Attenuation Characterization) payloads used in EV charging communication protocols. The function uses an assert statement to check the length of the payload before copying it into a fixed-size stack buffer of approximately 1497 bytes. However, assert statements are typically disabled in release builds, effectively removing this critical length check. As a result, an attacker can send an oversized SLAC payload frame over the network, causing memcpy to copy more data than the buffer can hold, leading to stack corruption. This memory corruption can be exploited to execute arbitrary code remotely, compromising the EV charging system. The vulnerability requires no privileges or user interaction and can be triggered remotely over the network, increasing its severity. The CVSS 3.1 vector (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) indicates the attack can be performed over an adjacent network with low complexity and no privileges, resulting in high confidentiality, integrity, and availability impacts. The vendor has addressed this issue in version 2026.02.0 by adding proper bounds checking and removing reliance on assert for security validation. No public exploits have been reported yet, but the nature of the flaw and its context in critical EV infrastructure make it a high-risk vulnerability.

The vulnerability allows remote attackers to execute arbitrary code on EV charging stations or related infrastructure running vulnerable versions of everest-core. This can lead to full system compromise, enabling attackers to disrupt charging services, manipulate billing or usage data, or pivot into broader enterprise or grid networks. The confidentiality of user data and operational integrity of EV charging infrastructure are at risk. Availability can also be impacted if attackers cause crashes or denial-of-service conditions. Given the increasing deployment of EV charging infrastructure worldwide and its integration with energy grids and payment systems, exploitation could have cascading effects on transportation and energy sectors. Organizations relying on affected software versions face significant operational and reputational risks if exploited.

1. Immediately upgrade all instances of everest-core to version 2026.02.0 or later, which contains the patch for this vulnerability. 2. Implement network segmentation and strict firewall rules to limit access to EV charging infrastructure management interfaces and protocols, especially restricting SLAC-related traffic to trusted sources. 3. Deploy intrusion detection/prevention systems (IDS/IPS) with signatures or anomaly detection tuned to identify malformed or oversized SLAC payloads. 4. Conduct regular security audits and code reviews of EV infrastructure software to identify similar unsafe coding practices, such as reliance on asserts for security checks. 5. Monitor vendor advisories and threat intelligence feeds for any emerging exploits targeting this vulnerability. 6. Consider application-layer filtering or protocol validation proxies that enforce payload size limits before packets reach vulnerable components. 7. Establish incident response plans specific to EV infrastructure compromise scenarios.