Use After Free in Everest Everest-core

CVE-2026-27828

EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118_chargerImpl::handle_session_setup uses v2g_ctx after it has been freed when ISO15118 initialization fails (e.g., no IPv6 link-local address). The EVSE process c…

Vulnerability class: Use-After-Free

EPSS: 0.000 (3.3th percentile) — read the EPSS interpretation.