ChargePoint Home Flex Charger Allows Hackers to Run Code Remotely

CVE-2026-4156
Summary

If an attacker is connected to the same network as a ChargePoint Home Flex charger, they can potentially access and control the device, which could lead to unauthorized access to your home's electrical system. This happens because the charger doesn't properly check the data it receives, allowing malicious code to be executed remotely. To protect yourself, keep your charger's software up to date and consider restricting network access to the charger.

Original title
ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability
Original description
ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex EV chargers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the handling of OCPP messages. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26339.
NVD CVSS 3.0: 7.5
Vulnerability type
CWE-121 Stack-based Buffer Overflow
Published: 11 Apr 2026 · Updated: 11 Apr 2026 · First seen: 11 Apr 2026