CVE 8.6 HIGH

Stack-based buffer overflow in XCharge C6_CVE-2026-9038

May 28, 2026 invoker category_cve

8.6 / 10

HIGH

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Description

A stack-based buffer overflow vulnerability in the charging controller’s signal-processing logic allows an attacker with physical access to the charging interface to supply message fields that exceed expected bounds. Because the input is not sufficiently validated, memory corruption may occur, which can lead to execution of unauthorized code with elevated privileges.

AI Analysis

Stack-based buffer overflow vulnerability in the charging controller’s signal-processing logic

Basic Information

ID CVE-2026-9038

Source icscert

Published May 28, 2026 at 19:05

Affected Product

Vendor XCharge

Product C6

Affected Versions XCharge C6 0

CWE Classification

CWE-121

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor XCharge

Product C6

References

www.cisa.gov /news-events/ics-advisories/icsa-26-148-08

{
    "lastseen": "",
    "description": "A stack-based buffer overflow vulnerability in the charging controller\u2019s signal-processing logic allows an attacker with physical access to the charging interface to supply message fields that exceed expected bounds. Because the input is not sufficiently validated, memory corruption may occur, which can lead to execution of unauthorized code with elevated privileges.",
    "published": "2026-05-28T19:05:45.306Z",
    "modified": "2026-05-28T19:05:45.306Z",
    "type": "cve",
    "title": "Stack-based buffer overflow in XCharge C6",
    "source": "icscert",
    "references": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-148-08",
    "id": "CVE-2026-9038",
    "bulletinFamily": "",
    "cwe": [
        "CWE-121"
    ],
    "cvelist": null,
    "sourceData": "XCharge C6 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "C6",
    "version": "0",
    "vendor": "XCharge",
    "ai_description": "Stack-based buffer overflow vulnerability in the charging controller\u2019s signal-processing logic",
    "ai_severity": "High",
    "ai_vendor": "XCharge",
    "ai_product": "C6",
    "ai_version": "0",
    "ai_score": 8.6
}

💭 Join the Security Discussion ❌ Cancel Reply