CVE-2026-27816 is a vulnerability classified as CWE-787 (Out-of-bounds Write) found in the EVerest everest-core software, which is part of an EV charging software stack. The issue lies in the function ISO15118_chargerImpl::handle_update_energy_transfer_modes, where a variable-length list is copied into a fixed-size array of length 6 without proper bounds checking. This improper handling allows an attacker to send an oversized MQTT command payload that, when schema validation is disabled (the default setting), can cause out-of-bounds writes. These writes can corrupt adjacent memory related to the Electric Vehicle Supply Equipment (EVSE) state or cause the charging process to crash. The vulnerability does not require authentication, user interaction, or elevated privileges but does require local access to the system (e.g., network access with the ability to send MQTT commands). The flaw was addressed in version 2026.02.0 of everest-core. The CVSS 4.0 vector indicates a medium severity with a score of 5.5, reflecting the limited attack vector (local) but high impact on availability due to potential crashes and state corruption. No public exploits have been observed, but the vulnerability poses a risk to the stability and reliability of EV charging infrastructure running vulnerable versions.

The primary impact of this vulnerability is on the availability and integrity of EV charging systems using the EVerest everest-core software prior to version 2026.02.0. Successful exploitation can lead to process crashes, causing denial of service conditions that interrupt EV charging sessions. Additionally, out-of-bounds writes may corrupt critical EVSE state data, potentially leading to unpredictable behavior or safety risks in the charging process. Given the increasing reliance on EV infrastructure globally, disruptions could affect EV users and operators, leading to operational downtime and reputational damage. While the vulnerability does not directly expose confidentiality risks or allow remote code execution, the instability it causes could be leveraged in targeted attacks against EV charging networks, especially in environments where local network access is possible. Organizations operating EV charging stations with affected software versions face risks of service interruptions and must prioritize remediation to maintain reliable EVSE operations.

To mitigate CVE-2026-27816, organizations should immediately upgrade the everest-core software to version 2026.02.0 or later, where the vulnerability is patched. If immediate upgrade is not feasible, disable MQTT command payload acceptance from untrusted sources and enable strict schema validation to prevent oversized payloads from being processed. Network segmentation should be enforced to restrict access to EVSE management interfaces and MQTT brokers, limiting exposure to local attackers. Implement monitoring and alerting for abnormal MQTT payload sizes or unexpected EVSE state changes to detect potential exploitation attempts. Additionally, conduct regular security audits of EV charging infrastructure and apply vendor security advisories promptly. Employing intrusion detection systems that understand EVSE protocols can further help identify suspicious activity. Finally, coordinate with EVSE vendors and operators to ensure consistent patch management and security posture across the EV charging ecosystem.