Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.5
ChargePoint Home Flex Exposes Sensitive Data in Charging Station
CVE-2026-4155
Summary
A vulnerability in ChargePoint Home Flex charging stations can reveal sensitive information without requiring login credentials. This could allow an attacker to access stored credentials and gain further access. ChargePoint should be contacted to confirm the issue and apply any necessary updates to secure the system.
Original title
ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affecte...
Original description
ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the genpw script. The issue results from the inclusion of a secret cryptographic seed value within the script. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-26340.
The specific flaw exists within the genpw script. The issue results from the inclusion of a secret cryptographic seed value within the script. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-26340.
nvd CVSS3.0
7.5
Vulnerability type
CWE-540
Published: 11 Apr 2026 · Updated: 11 Apr 2026 · First seen: 11 Apr 2026