CVE-2026-27813 is a use-after-free vulnerability classified under CWE-416 found in the everest-core component of the EVerest EV charging software stack. This vulnerability exists in versions prior to 2026.02.0 due to a data race condition that occurs when handling concurrent events such as EV plug-in/unplug and authorization requests via RFID, RemoteStart, or OCPP protocols. The race condition can cause the software to reference memory that has already been freed, leading to undefined behavior including potential memory corruption and application crashes. The vulnerability is triggered by asynchronous event handling and delayed authorization responses, which complicates safe memory management. The CVSS v3.1 base score is 5.3, reflecting medium severity with network attack vector, high attack complexity, no privileges required, and no user interaction needed. The impact primarily affects availability due to possible service disruption, with limited confidentiality and integrity impact. No known exploits have been reported in the wild. The vendor addressed the issue in version 2026.02.0 by patching the data race condition, likely through improved synchronization and memory management techniques. This vulnerability is particularly relevant to organizations operating EV charging stations using the EVerest software stack, as exploitation could disrupt charging services and impact EV users.

The primary impact of CVE-2026-27813 is on the availability of EV charging services, as exploitation can cause application crashes or instability in the everest-core software component. This disruption could lead to denial of service for EV users attempting to charge their vehicles, potentially causing operational and reputational damage to charging network operators. The confidentiality and integrity impacts are low, as the vulnerability does not directly expose sensitive data or allow unauthorized data modification. However, service outages in critical EV infrastructure could have cascading effects on transportation and energy management systems. The medium severity score reflects the high complexity required to exploit the vulnerability, limiting widespread exploitation but still posing a risk to targeted attacks. Organizations relying on EVerest for EV charging management must consider the operational risks and potential customer dissatisfaction arising from service interruptions.

To mitigate CVE-2026-27813, organizations should immediately upgrade all instances of the EVerest everest-core software to version 2026.02.0 or later, which contains the patch for the data race condition. Additionally, operators should audit their deployment environments to ensure no legacy versions remain in use. Implementing robust concurrency controls and thread-safe programming practices in custom integrations or extensions can further reduce the risk of similar data races. Monitoring EV charging system logs for abnormal crashes or memory errors can help detect exploitation attempts early. Network segmentation and limiting access to the EV charging management interfaces can reduce exposure to remote attackers. Finally, coordinating with the vendor for timely updates and security advisories will help maintain a secure EV charging infrastructure.