ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability

ChargePoint Home Flex devices contain a critical vulnerability (CVE-2026-4157) that allows unauthenticated, network-adjacent attackers to execute arbitrary code with a CVSS score of 7.5. An attacker can exploit this flaw without needing credentials to gain full code execution on affected devices, potentially compromising the device's functionality and data. Security teams should immediately identify and patch all ChargePoint Home Flex installations in their environments and isolate affected devices from trusted networks until patches are applied.