CVE-2026-23955 — MEDIUM (4.2)

Q: How severe is CVE-2026-23955?

CVE-2026-23955 has been rated MEDIUM with a CVSS base score of 4.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-23955?

Check the references section above for vendor advisories and patch information. Affected products include: Linuxfoundation Everest.

Vulnerability Description

EVerest is an EV charging software stack. Prior to version 2025.9.0, in several places, integer values are concatenated to literal strings when throwing errors. This results in pointers arithmetic instead of printing the integer value as expected, like most of interpreted languages. This can be used by malicious operator to read unintended memory regions, including the heap and the stack. Version 2025.9.0 fixes the issue.

CVSS Score

4.2

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Linuxfoundation	Everest	< 2025.9.0

Related Weaknesses (CWE)

CWE-1046

References

https://github.com/EVerest/everest-core/security/advisories/GHSA-px57-jx97-hrffVendor AdvisoryExploit

FAQ

What is CVE-2026-23955?

CVE-2026-23955 is a vulnerability with a CVSS score of 4.2 (MEDIUM). EVerest is an EV charging software stack. Prior to version 2025.9.0, in several places, integer values are concatenated to literal strings when throwing errors. This results in pointers arithmetic ins...

How severe is CVE-2026-23955?

CVE-2026-23955 has been rated MEDIUM with a CVSS base score of 4.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-23955?

Check the references section above for vendor advisories and patch information. Affected products include: Linuxfoundation Everest.