CVE-2026-33015

{"id": "CVE-2026-33015", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.2, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 0.9}]}, "published": "2026-03-26T17:16:38.130", "references": [{"url": "https://github.com/EVerest/EVerest/security/advisories/GHSA-pw9q-2287-cchc", "source": "security-advisories@github.com"}, {"url": "https://github.com/EVerest/EVerest/security/advisories/GHSA-pw9q-2287-cchc", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Undergoing Analysis", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "EVerest is an EV charging software stack. Prior to version 2026.02.0, even immediately after CSMS performs a RemoteStop (StopTransaction), the EVSE can return to `PrepareCharging` via the EV's BCB toggle, allowing session restart. This breaks the irreversibility of remote stop and can bypass operational/billing/safety controls. Version 2026.02.0 contains a patch."}, {"lang": "es", "value": "EVerest es una pila de software de carga de veh\u00edculos el\u00e9ctricos. Antes de la versi\u00f3n 2026.02.0, incluso inmediatamente despu\u00e9s de que el CSMS realice un RemoteStop (StopTransaction), el EVSE puede volver a 'PrepareCharging' a trav\u00e9s del interruptor BCB del VE, permitiendo el reinicio de la sesi\u00f3n. Esto rompe la irreversibilidad de la parada remota y puede eludir los controles operativos/de facturaci\u00f3n/de seguridad. La versi\u00f3n 2026.02.0 contiene un parche."}], "lastModified": "2026-03-30T13:26:50.827", "sourceIdentifier": "security-advisories@github.com"}