7.5
ChargePoint Home Flex allows hackers to take control of your device
CVE-2026-4157
Summary
ChargePoint Home Flex devices are at risk of being hacked by someone on the same network, potentially allowing them to access and control the device. This is a serious issue because hackers can exploit it without needing a password. To protect your device, ensure you keep your ChargePoint Home Flex firmware up to date and implement network security measures to prevent unauthorized access.
Original title
ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations ...
Original description
ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of OCPP messages. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26338.
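The flaw class described above (a string taken from a message and used in a system call without validation), shown next to a hardened form, as an added example that is not ChargePoint's code and not part of the original advisory. The function names, the allow-list and `/bin/echo` as a stand-in helper are assumptions; the advisory does not say which OCPP field or command is involved.

```c
/* Added example: names, allow-list and helper path are assumptions. */
#include <stdio.h>
#include <string.h>
#include <spawn.h>
#include <sys/wait.h>

extern char **environ;

/* Allow-list check: 1..63 bytes drawn from [A-Za-z0-9.-], not starting with
 * '-' so the value can never be parsed as an option by the helper. */
int is_safe_token(const char *s)
{
    size_t n;
    if (s == NULL) return 0;
    n = strlen(s);
    if (n == 0 || n > 63 || s[0] == '-') return 0;
    /* strspn counts the leading run of allowed bytes; it must cover all of s. */
    return strspn(s, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
                     "0123456789.-") == n;
}

/* Vulnerable pattern (CWE-78), shown for contrast and never called:
 *   snprintf(cmd, sizeof cmd, "helper %s", value); system(cmd);
 * The shell re-parses `value`, so metacharacters in it become commands. */

/* Hardened pattern: validate, then pass the value as a single argv element
 * to posix_spawn, which involves no shell. Returns the child's exit status,
 * or -1 if the value is rejected or the spawn fails. */
int run_helper(const char *helper_path, const char *value)
{
    pid_t pid;
    int status;
    char *argv[] = { (char *)helper_path, "--", (char *)value, NULL };

    if (!is_safe_token(value)) return -1;
    if (posix_spawn(&pid, helper_path, NULL, NULL, argv, environ) != 0) return -1;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed inputs: a plain token and one with a shell metacharacter. */
    printf("%d %d\n", is_safe_token("host-01.example"), is_safe_token("a;b"));
    printf("%d\n", run_helper("/bin/echo", "host-01.example"));
    return 0;
}
```

Rejecting the value before it reaches the process-creation call and avoiding the shell are independent layers; either one alone stops the string from being interpreted as a command.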
NVD CVSS 3.0
7.5
Vulnerability type
CWE-78
OS Command Injection
Published: 11 Apr 2026 · Updated: 11 Apr 2026 · First seen: 11 Apr 2026