CVE-2026-26071

// Conceptual PoC for Data Race in EVerest (CVE-2026-26071) // This simulates the race condition between EVCCID update and OCPP events. #include <iostream> #include <thread> #include <string> #include <chrono> // Global shared resource simulating the vulnerable string std::string shared_session_id = "initial_id"; void evccid_update_thread() { // Simulates EVCCID update events modifying the string for (int i = 0; i < 1000; ++i) { shared_session_id = "evcc_update_" + std::to_string(i); // Simulate processing delay std::this_thread::sleep_for(std::chrono::microseconds(1)); } } void ocpp_auth_thread() { // Simulates OCPP authorization events reading the string for (int i = 0; i < 1000; ++i) { // Potential Use-After-Free or Data Race here std::string local_copy = shared_session_id; if (local_copy.empty()) { // Handle error or crash simulation std::cout << "Error: Invalid session ID detected." << std::endl; } std::this_thread::sleep_for(std::chrono::microseconds(1)); } } int main() { std::cout << "Starting PoC for CVE-2026-26071..." << std::endl; // Create threads representing concurrent events std::thread t1(evccid_update_thread); std::thread t2(ocpp_auth_thread); t1.join(); t2.join(); std::cout << "PoC execution finished." << std::endl; return 0; }

{"cve": {"id": "CVE-2026-26071", "sourceIdentifier": "[email protected]", "published": "2026-03-26T15:16:32.847", "lastModified": "2026-03-31T13:06:47.847", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to `std::string` concurrent access. with heap-use-after-free possible. This is triggered by EVCCID update (EV/ISO15118) and OCPP session/authorization events. Version 2026.02.0 contains a patch."}, {"lang": "es", "value": "EVerest es una pila de software de carga de vehículos eléctricos. Las versiones anteriores a la 2026.02.0 tienen una condición de carrera que lleva a un acceso concurrente a 'std::string', con posible uso después de liberación en el heap. Esto se activa por la actualización de EVCCID (EV/ISO15118) y los eventos de sesión/autorización de OCPP. La versión 2026.02.0 contiene un parche."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 4.2, "baseSeverity": "MEDIUM", "attackVector": "PHYSICAL", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 0.5, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-362"}, {"lang": "en", "value": "CWE-416"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linuxfoundation:everest:*:*:*:*:*:*:*:*", "versionEndExcluding": "2026.02.0", "matchCriteriaId": "EB167E67-6808-4F7B-9505-FFF0C02B288C"}]}]}], "references": [{"url": "https://github.com/EVerest/EVerest/security/advisories/GHSA-xww8-4hfx-9fjw", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}