CVE-2026-23995: CWE-121: Stack-based Buffer Overflow in EVerest everest-core
EVerest is an EV charging software stack. Prior to version 2026.02.0, CAN interface initialization contains a stack-based buffer overflow: passing an interface name longer than IFNAMSIZ (16) to the CAN open routines overflows `ifreq.ifr_name`, corrupting adjacent stack data and enabling potential code execution. A malicious or misconfigured interface name can trigger this before any privilege checks. Version 2026.02.0 contains a patch.
AI Analysis
Technical Summary
CVE-2026-23995 is a stack-based buffer overflow vulnerability identified in the EVerest everest-core software, a critical component of the EVerest EV charging software stack. The vulnerability arises during the initialization of the CAN (Controller Area Network) interface when the software accepts an interface name longer than IFNAMSIZ (16 bytes). The interface name is stored in the `ifreq.ifr_name` field, which is a fixed-size buffer. Passing an overly long interface name causes a buffer overflow that overwrites adjacent stack memory, potentially corrupting control data such as return addresses or function pointers. This memory corruption can be exploited to achieve arbitrary code execution. Notably, the vulnerability can be triggered before any privilege checks, meaning that an attacker with local access can exploit it without elevated permissions or user interaction. The flaw affects all versions of everest-core prior to 2026.02.0; version 2026.02.0 includes a patch that properly bounds the interface name length to prevent the overflow. The vulnerability is classified under CWE-121 (Stack-based Buffer Overflow) and has a CVSS v3.1 base score of 8.4, reflecting its high severity. Although no public exploits have been reported yet, the nature of the vulnerability and its potential for code execution make it a critical risk for EV charging infrastructure relying on this software stack.
Potential Impact
The impact of CVE-2026-23995 is significant for organizations deploying the EVerest everest-core software in EV charging stations and related infrastructure. Successful exploitation can lead to arbitrary code execution on the affected system, compromising confidentiality, integrity, and availability. Attackers could execute malicious code to disrupt charging operations, manipulate charging data, or pivot to other networked systems, potentially causing widespread operational disruption. Since the vulnerability can be triggered without privileges or user interaction, it lowers the barrier for attackers with local access, such as insiders or attackers who have gained a limited foothold. Given the growing deployment of EV charging infrastructure globally, this vulnerability poses risks to critical energy and transportation sectors. The lack of known exploits in the wild currently reduces immediate risk, but the high severity and ease of exploitation mean that attackers may develop exploits rapidly if the vulnerability becomes widely known.
Mitigation Recommendations
To mitigate CVE-2026-23995, organizations should immediately upgrade all instances of the EVerest everest-core software to version 2026.02.0 or later, which contains the official patch addressing the buffer overflow. Until patching is possible, restrict local access to systems running everest-core to trusted personnel only, and monitor for any unusual interface configuration attempts that might exploit the vulnerability. Implement strict input validation and sanitization on interface names if customization or extension of the software is performed. Employ runtime protections such as stack canaries, address space layout randomization (ASLR), and control flow integrity (CFI) where supported to reduce exploitation success. Regularly audit and monitor logs for anomalous CAN interface initialization activities. Coordinate with EV infrastructure vendors to ensure timely updates and share threat intelligence related to this vulnerability. Finally, consider network segmentation to isolate EV charging systems from broader enterprise networks to limit lateral movement in case of compromise.
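A bounds check of the kind the interface-name validation recommendation above calls for, as an added example that is not EVerest's code or its 2026.02.0 patch. The helper name `can_ifreq_set_name` and the sample interface names are hypothetical.

```c
#define _DEFAULT_SOURCE 1   /* glibc: keep struct ifreq visible under -std=c11 */
#include <errno.h>
#include <string.h>
#include <sys/socket.h>
#include <net/if.h>         /* struct ifreq, IFNAMSIZ */

/*
 * Hypothetical helper (not EVerest code): copy a caller-supplied CAN
 * interface name into ifr->ifr_name only if it fits, terminator included.
 * An unchecked strcpy() into ifr_name is the pattern CWE-121 describes.
 * Returns 0 on success, -1 with errno set on rejection.
 */
int can_ifreq_set_name(struct ifreq *ifr, const char *name)
{
    if (ifr == NULL || name == NULL) {
        errno = EINVAL;
        return -1;
    }

    /* Look for the terminator within the first IFNAMSIZ bytes only, so an
     * oversized name is never measured (or copied) past the field size. */
    const char *nul = memchr(name, '\0', IFNAMSIZ);
    if (nul == NULL) {
        /* Reject instead of truncating: a truncated name could silently
         * select a different, valid interface. */
        errno = ENAMETOOLONG;
        return -1;
    }

    size_t len = (size_t)(nul - name);
    if (len == 0) {
        errno = EINVAL;
        return -1;
    }

    memset(ifr, 0, sizeof(*ifr));
    memcpy(ifr->ifr_name, name, len + 1);   /* len + 1 <= IFNAMSIZ */
    return 0;
}

/* Stand-alone run over constructed sample names. */
int main(void)
{
    struct ifreq ifr;
    int ok = can_ifreq_set_name(&ifr, "can0");
    int bad = can_ifreq_set_name(&ifr, "can0_name_longer_than_ifnamsiz");
    return (ok == 0 && bad == -1) ? 0 : 1;
}
```

Rejecting with `ENAMETOOLONG` also gives the caller a distinct error to log, which supports the monitoring of unusual interface configuration attempts mentioned above.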
Affected Countries
United States, Germany, China, Japan, South Korea, France, United Kingdom, Netherlands, Canada, Australia
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-01-19T18:49:20.658Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 69c57a7d3c064ed76f9f9cfe
Added to database: 3/26/2026, 6:27:09 PM
Last enriched: 3/26/2026, 6:28:43 PM
Last updated: 3/27/2026, 5:25:34 AM