CVE-2026-33015

MEDIUM NVD

CVSS Score 5.2

Severity MEDIUM

Published Mar 26, 2026

Vendor unknown

Description

EVerest is an EV charging software stack. Prior to version 2026.02.0, even immediately after CSMS performs a RemoteStop (StopTransaction), the EVSE can return to `PrepareCharging` via the EV's BCB toggle, allowing session restart. This breaks the irreversibility of remote stop and can bypass operational/billing/safety controls. Version 2026.02.0 contains a patch.

References

https://github.com/EVerest/EVerest/security/advisories/GHSA-pw9q-2287-cchc
https://github.com/EVerest/EVerest/security/advisories/GHSA-pw9q-2287-cchc