7
CVE-2026-26074
- EPSS 0.05%
- Veröffentlicht 26.03.2026 16:19:45
- Zuletzt bearbeitet 30.03.2026 20:57:44
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginEVerest: OCPP201 startup event_queue lock mismatch leads to std::map/std::queue data race
EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible `std::map<std::queue>` corruption. The trigger is CSMS GetLog/UpdateFirmware request (network) with an EVSE fault event (physical). This results in TSAN reports concurrent access (data race) to `event_queue`. Version 2026.2.0 contains a patch.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linuxfoundation ≫ Everest Version < 2026.02.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.161 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 7 | 2.2 | 4.7 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
|
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.