CVE-2026-4155

EPSS 0.24%
Veröffentlicht 11.04.2026 00:16:25
Zuletzt bearbeitet 13.04.2026 15:01:43
Quelle zdi-disclosures@trendmicro.com
CVE-Watchlists
Login
Unerledigt
Login

ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the genpw script. The issue results from the inclusion of a secret cryptographic seed value within the script. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-26340.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerChargePoint

≫

Produkt Home Flex

Default Statusunknown

Version 5.5.4.13

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.24%	0.469

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
zdi-disclosures@trendmicro.com	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-540 Inclusion of Sensitive Information in Source Code

Source code on a web server or repository often contains sensitive information and should generally not be accessible to users.

https://www.zerodayinitiative.com/advisories/ZDI-26-195/

https://nvd.nist.gov/vuln/detail/CVE-2026-4155

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-4155

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-4155

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-4155