CVE-2026-23955

{"id": "CVE-2026-23955", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2026-23955", "role": "CISA Coordinator", "options": [{"exploitation": "poc"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-21T19:53:45.367515Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.6}]}, "affected": [{"source": "security-advisories@github.com", "affectedData": [{"vendor": "EVerest", "product": "everest-core", "versions": [{"status": "affected", "version": "< 2025.9.0"}]}]}], "published": "2026-01-21T20:16:12.517", "references": [{"url": "https://github.com/EVerest/everest-core/security/advisories/GHSA-px57-jx97-hrff", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-1046"}]}], "descriptions": [{"lang": "en", "value": "EVerest is an EV charging software stack. Prior to version 2025.9.0, in several places, integer values are concatenated to literal strings when throwing errors. This results in pointers arithmetic instead of printing the integer value as expected, like most of interpreted languages. This can be used by malicious operator to read unintended memory regions, including the heap and the stack. Version 2025.9.0 fixes the issue."}, {"lang": "es", "value": "EVerest es una pila de software de carga de VE. Antes de la versi\u00f3n 2025.9.0, en varios lugares, los valores enteros se concatenan a cadenas literales al lanzar errores. Esto resulta en aritm\u00e9tica de punteros en lugar de imprimir el valor entero como se espera, como la mayor\u00eda de los lenguajes interpretados. Esto puede ser utilizado por un operador malicioso para leer regiones de memoria no intencionadas, incluyendo el mont\u00f3n y la pila. La versi\u00f3n 2025.9.0 corrige el problema."}], "lastModified": "2026-06-17T10:22:20.860", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linuxfoundation:everest:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1D746C7-49D6-43DE-90B2-C79F58ADB9B7", "versionEndExcluding": "2025.9.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}