7.5

CVE-2026-4155

EPSS 0.57%
Veröffentlicht 11.04.2026 00:16:25
Zuletzt bearbeitet 27.04.2026 17:42:30
Quelle zdi-disclosures@trendmicro.com
CVE-Watchlists
Login
Unerledigt
Login

ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability

ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the genpw script. The issue results from the inclusion of a secret cryptographic seed value within the script. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-26340.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Chargepoint ≫ Home Flex Cph50 Firmware Version < 5.5.4.22

Chargepoint ≫ Home Flex Cph50 Version-

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.57%	0.424

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
zdi-disclosures@trendmicro.com	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-540 Inclusion of Sensitive Information in Source Code

Source code on a web server or repository often contains sensitive information and should generally not be accessible to users.

https://www.zerodayinitiative.com/advisories/ZDI-26-195/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-4155

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-4155

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-4155

EUVD