What is CVE-2026-44698?

CVE-2026-44698 is a high-severity vulnerability in Home Assistant Companion App (Android), classified under Code Injection. CVSS score: 8.3/10. Published 2026-05-29.

How severe is CVE-2026-44698?

High severity. CVSS v3 base score is 8.3 out of 10.

RCE in Home Assistant Companion App (Android)

CVE-2026-44698

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.4.1 for iOS and 2026.4.4 for Android, he Home Assistant Companion apps for Android and iOS expose a JavaScript bridge to the in…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.000 (5.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.3 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H.

Affected products

Home Assistant Companion App (Android) — versions < 2026.4.4
Home Assistant Companion App (Ios) — versions < 2026.4.1
Home-assistant Core — versions < 2026.4.4

Weakness classification (CWE)

References

security-advisories@github.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-44698?: CVE-2026-44698 is a high-severity vulnerability in Home Assistant Companion App (Android), classified under Code Injection. CVSS score: 8.3/10. Published 2026-05-29.
How severe is CVE-2026-44698?: High severity. CVSS v3 base score is 8.3 out of 10.