A vulnerability was found in EVerest everest-core 2025.9.0/2025.10.0/2025.12.0. It has been declared as problematic. This affects the function ac_switch_three_phases_while_charging. Executing a manipulation can lead to a race condition. The identification of this vulnerability is CVE-2026-27814. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.
VDB-353675 · CVE-2026-27814 · GHSA-5528-WC53-V557
EVEREST EVEREST-CORE 2025.9.0/2025.10.0/2025.12.0 AC_SWITCH_THREE_PHASES_WHILE_CHARGING RACE CONDITION
CVSS Meta Temp Score: 4.1
Current Exploit Price (≈): $0-$5k
CTI Interest Score: 1.63+
Summary
A vulnerability was found in EVerest everest-core. It has been rated as problematic. This vulnerability affects the function ac_switch_three_phases_while_charging. The manipulation leads to a race condition. This vulnerability is referenced as CVE-2026-27814. The attack needs to be initiated within the local network. No exploit is available. Upgrading the affected component is advised.
Details
A vulnerability classified as problematic has been found in EVerest everest-core. This issue affects the function ac_switch_three_phases_while_charging. Manipulation with an unknown input leads to a race condition. The CWE classification for the problem is CWE-362: the product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently. Integrity and availability are impacted. The summary by CVE is:
EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race (C++ UB) triggered when a 1-phase ↔ 3-phase switch request (`ac_switch_three_phases_while_charging`) during charging/waiting executes concurrently with the state machine loop. Version 2026.02.0 contains a patch.
The advisory can be read at github.com. This vulnerability has been identified as CVE-2026-27814 since 02/24/2026. Exploitation is known to be difficult. The attack needs to be approached within the local network. No form of authentication is needed for successful exploitation. Technical details of the vulnerability are known, but there is no available exploit.
Upgrading to version 2026.02.0 eliminates this vulnerability.
Product
Vendor: EVerest
Name: everest-core
Version: 2025.9.0, 2025.10.0, 2025.12.0
CVSSv3
VulDB Meta Base Score: 4.2
VulDB Meta Temp Score: 4.1
VulDB Base Score: 4.2
VulDB Temp Score: 4.0
CNA Base Score: 4.2
Exploiting
Class: Race condition
CWE: CWE-362
Physical: No
Local: No
Remote: Partially
Status: Not defined
Countermeasures
Recommended: Upgrade
Upgrade: everest-core 2026.02.0
Timeline
02/24/2026 CVE reserved
03/26/2026 +30 days Advisory disclosed
03/26/2026 +0 days VulDB entry created
03/26/2026 +0 days VulDB entry last update
Sources
Advisory: GHSA-5528-wc53-v557
Status: Confirmed
CVE: CVE-2026-27814
GCVE (CVE): GCVE-0-2026-27814
GCVE (VulDB): GCVE-100-353675
Entry
Created: 03/26/2026 19:00
Changes: 03/26/2026 19:00 (64)