Homeassistant-ai Home Assistant Mcp Server — known CVE vulnerabilities
Every CVE whose affected-product data names Homeassistant-ai Home Assistant Mcp Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2026-32112 — CVSS 6.8 (medium): ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form renders user-controlled parameters via Python…
CVE-2026-32111 — CVSS 5.3 (medium): ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form (beta feature) accepts a user-supplied ha_url and…