{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T18:45:32.490","vulnerabilities":[{"cve":{"id":"CVE-2026-29044","sourceIdentifier":"security-advisories@github.com","published":"2026-03-26T17:16:34.503","lastModified":"2026-03-31T14:40:50.140","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"EVerest is an EV charging software stack. Prior to version 2026.02.0, when WithdrawAuthorization is processed before the TransactionStarted event, AuthHandler determines `transaction_active=false` and only calls `withdraw_authorization_callback`. This path ultimately calls `Charger::deauthorize()`, but no actual stop (StopTransaction) occurs in the Charging state. As a result, authorization withdrawal can be defeated by timing, allowing charging to continue. Version 2026.02.0 contains a patch."},{"lang":"es","value":"EVerest es una pila de software de carga de vehículos eléctricos. Antes de la versión 2026.02.0, cuando WithdrawAuthorization se procesa antes del evento TransactionStarted, AuthHandler determina que 'transaction_active=false' y solo llama a 'withdraw_authorization_callback'. Esta ruta finalmente llama a 'Charger::deauthorize()', pero no se produce una detención real (StopTransaction) en el estado de Carga. Como resultado, la retirada de la autorización puede ser eludida por el tiempo, permitiendo que la carga continúe. La versión 2026.02.0 contiene un parche."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:L","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":0.7,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":4.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linuxfoundation:everest:*:*:*:*:*:*:*:*","versionEndExcluding":"2026.02.0","matchCriteriaId":"EB167E67-6808-4F7B-9505-FFF0C02B288C"}]}]}],"references":[{"url":"https://github.com/EVerest/EVerest/security/advisories/GHSA-gx37-p775-qf5v","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}