CVE-2026-29044

EVerest is an EV charging software stack. Prior to version 2026.02.0, when WithdrawAuthorization is processed before the TransactionStarted event, AuthHandler determines `transaction_active=false` and only calls `withdraw_authorization_callback`. This path ultimately calls `Charger::deauthorize()`, but no actual stop (StopTransaction) occurs in the Charging state. As a result, authorization withdrawal can be defeated by timing, allowing charging to continue. Version 2026.02.0 contains a patch.

CVSS v3 5.0 MEDIUM

5.0^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.7 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/EVerest/EVerest/security/advisories/GHSA-gx37-p775-qf5v	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:linuxfoundation:everest:*:*:*:*:*:*:*:*

History

31 Mar 2026, 14:40

Type	Values Removed	Values Added
First Time		Linuxfoundation Linuxfoundation everest
CPE		cpe:2.3:o:linuxfoundation:everest::::::::
References	~~() https://github.com/EVerest/EVerest/security/advisories/GHSA-gx37-p775-qf5v -~~	() https://github.com/EVerest/EVerest/security/advisories/GHSA-gx37-p775-qf5v - Exploit, Vendor Advisory

30 Mar 2026, 13:26

Type	Values Removed	Values Added
Summary		(es) EVerest es una pila de software de carga de vehículos eléctricos. Antes de la versión 2026.02.0, cuando WithdrawAuthorization se procesa antes del evento TransactionStarted, AuthHandler determina que 'transaction_active=false' y solo llama a 'withdraw_authorization_callback'. Esta ruta finalmente llama a 'Charger::deauthorize()', pero no se produce una detención real (StopTransaction) en el estado de Carga. Como resultado, la retirada de la autorización puede ser eludida por el tiempo, permitiendo que la carga continúe. La versión 2026.02.0 contiene un parche.

26 Mar 2026, 17:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-26 17:16

Updated : 2026-03-31 14:40

NVD link : CVE-2026-29044

Mitre link : CVE-2026-29044

CVE.ORG link : CVE-2026-29044

JSON object : View

Products Affected

linuxfoundation

everest

CWE

CWE-863

Incorrect Authorization

{"id": "CVE-2026-29044", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.0, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 0.7}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 2.2}]}, "published": "2026-03-26T17:16:34.503", "references": [{"url": "https://github.com/EVerest/EVerest/security/advisories/GHSA-gx37-p775-qf5v", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "EVerest is an EV charging software stack. Prior to version 2026.02.0, when WithdrawAuthorization is processed before the TransactionStarted event, AuthHandler determines `transaction_active=false` and only calls `withdraw_authorization_callback`. This path ultimately calls `Charger::deauthorize()`, but no actual stop (StopTransaction) occurs in the Charging state. As a result, authorization withdrawal can be defeated by timing, allowing charging to continue. Version 2026.02.0 contains a patch."}, {"lang": "es", "value": "EVerest es una pila de software de carga de veh\u00edculos el\u00e9ctricos. Antes de la versi\u00f3n 2026.02.0, cuando WithdrawAuthorization se procesa antes del evento TransactionStarted, AuthHandler determina que 'transaction_active=false' y solo llama a 'withdraw_authorization_callback'. Esta ruta finalmente llama a 'Charger::deauthorize()', pero no se produce una detenci\u00f3n real (StopTransaction) en el estado de Carga. Como resultado, la retirada de la autorizaci\u00f3n puede ser eludida por el tiempo, permitiendo que la carga contin\u00fae. La versi\u00f3n 2026.02.0 contiene un parche."}], "lastModified": "2026-03-31T14:40:50.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linuxfoundation:everest:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB167E67-6808-4F7B-9505-FFF0C02B288C", "versionEndExcluding": "2026.02.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}