CVE-2026-27815 is an out-of-bounds write vulnerability classified under CWE-787 found in the EVerest everest-core software, which is part of an EV charging software stack. The vulnerability arises in the ISO15118_chargerImpl::handle_session_setup function, where a variable-length list of payment_options is copied into a fixed-size array of length 2 without bounds checking. This unsafe copying can lead to memory corruption by writing beyond the allocated buffer. The issue is exacerbated by the fact that schema validation for MQTT command payloads is disabled by default, allowing oversized payloads to be processed unchecked. An attacker who can send malicious MQTT commands to the EVSE (Electric Vehicle Supply Equipment) can exploit this flaw to corrupt adjacent memory, potentially altering EVSE state or causing the charging process to crash. The vulnerability does not require authentication or user interaction but does require access to the MQTT interface, which is typically local or network-restricted. The CVSS 4.0 base score is 5.5 (medium severity), reflecting the local attack vector, no privileges required, no user interaction, and high impact on availability. The flaw was patched in version 2026.02.0 of everest-core. No known exploits have been reported in the wild to date. The vulnerability highlights the risks of disabled schema validation and unsafe memory operations in embedded IoT and EV infrastructure software.

The impact of CVE-2026-27815 on organizations operating EV charging infrastructure can be significant. Successful exploitation can lead to memory corruption, which may cause the EVSE software to crash or behave unpredictably, resulting in denial of service for EV charging stations. This disruption can affect EV users' ability to charge vehicles, potentially causing operational and reputational damage to charging network operators. In worst cases, corrupted EVSE state could lead to incorrect charging behavior or safety risks, though no such direct safety impact is confirmed. Because the vulnerability requires access to the MQTT interface, attackers with network access to EVSE devices could exploit it to disrupt service. Given the increasing adoption of EVs and charging infrastructure worldwide, widespread exploitation could impact critical transportation and energy sectors. However, the lack of known exploits and the medium severity rating suggest the threat is moderate but should not be underestimated, especially in environments with lax network segmentation or disabled schema validation.

To mitigate CVE-2026-27815, organizations should immediately upgrade the everest-core software to version 2026.02.0 or later, which contains the patch fixing the out-of-bounds write. Additionally, enable schema validation for MQTT payloads to prevent oversized or malformed commands from being processed. Network segmentation and strict access controls should be enforced to restrict MQTT interface access only to trusted and authenticated entities, minimizing exposure to potential attackers. Implement monitoring and anomaly detection on MQTT traffic to identify unusual or oversized payloads that could indicate exploitation attempts. Conduct regular security audits and code reviews of embedded software components to detect unsafe memory operations. Finally, maintain an incident response plan for EVSE infrastructure to quickly address potential disruptions caused by exploitation attempts.