home-assistant

Top products

The 15 most recently published vulnerabilities affecting home-assistant.

• CVE-2026-54318Home Assistant: Exported BroadcastReceiver allows local apps to spoof device location7.1Jun 23, 2026
• CVE-2026-54317Home Assistant: Konnected alarm-panel switch state and zone topology disclosed to unauthenticated actors on the LAN7.6Jun 23, 2026
• CVE-2026-44698Home Assistant: Cross-origin iframe access token exfiltration via WebView JS bridge callback injection8.3May 29, 2026
• CVE-2021-47942Home Assistant Community Store 1.10.0 Path Traversal Account Takeover7.5May 16, 2026
• CVE-2026-34205Home Assistant: Unauthenticated App (Add-on) Endpoints Exposed to Local Network via Host Network Mode9.6Mar 27, 2026
• CVE-2026-33045Home Assistant has stored XSS in history-graphs5.4Mar 27, 2026
• CVE-2026-33044Home Assistant has stored XSS in Map-card through malicious device name5.4Mar 27, 2026
• CVE-2025-65713Home Assistant Core before v2025.8.0 is vulnerable to Directory Traversal. The Downloader integration does not fully validate file paths during concatenation, leaving a path traversal vulnerability.4.0Dec 23, 2025
• CVE-2025-25305SSL validation for outgoing requests in Home Assistant Core and used libs not correct7.0Feb 18, 2025
• CVE-2023-50715User accounts disclosed to unauthenticated actors on the LAN4.3Dec 15, 2023
• CVE-2023-41893Account takeover via auth_callback login in Home Assistant Core4.3Oct 19, 2023
• CVE-2023-41894Local-only webhooks externally accessible via SniTun in Home Assistant Core5.3Oct 19, 2023
• CVE-2023-41895Cross-site Scripting via auth_callback login in Home Assistant Core8.8Oct 19, 2023
• CVE-2023-41896Fake websocket server installation permits full takeover in Home Assistant Core7.1Oct 19, 2023
• CVE-2023-41897Lack of XFO header allows clickjacking in Home Assistant Core8.8Oct 19, 2023