ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability

ChargePoint Home Flex EV chargers contain a critical vulnerability (CVE-2026-4156) that allows network-adjacent attackers to execute arbitrary code without requiring any authentication. An attacker exploiting this flaw could gain complete control over the charging device and potentially use it as an entry point to the network infrastructure. Security teams should immediately prioritize patching ChargePoint Home Flex devices and isolate affected chargers from critical network segments until updates are available.