ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability

ChargePoint Home Flex charging stations contain a high-severity vulnerability (CVE-2026-4155, CVSS 7.5) that allows unauthenticated remote attackers to access and disclose sensitive information from affected devices. This represents a significant security risk because no credentials are required to exploit the flaw, meaning any attacker on the network can potentially retrieve confidential data. Security teams should prioritize patching ChargePoint Home Flex installations immediately and consider implementing network segmentation to limit access to these devices until updates are available.