CVE-2026-4157
ChargePoint Home Flex revssh Service Command Injection (CVE-2026-4157) allows network-adjacent attackers to execute arbitrary code as root due to improper validation of a user-supplied string before invoking a system call in OCPP message handling. Authentication is not required. The issue is docu...