Home-assistant Core
15 CVEs affecting Home-assistant Core. Latest disclosed: 2026-05-29. Critical: 1, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-27482 | Critical | 10.0 | 2023-03-08 | homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Ho… |
CVE-2023-41895 | High | 8.8 | 2023-10-19 | Home assistant is an open source home automation. The Home Assistant login page allows users to use their local Home Assistant credentials and log in to anothe… |
CVE-2023-41897 | High | 8.8 | 2023-10-19 | Home assistant is an open source home automation. Home Assistant server does not set any HTTP security headers, including the X-Frame-Options header, which spe… |
CVE-2023-41898 | High | 8.6 | 2023-10-19 | Home assistant is an open source home automation. The Home Assistant Companion for Android app up to version 2023.8.2 is vulnerable to arbitrary URL loading in… |
CVE-2023-44385 | High | 8.6 | 2023-10-19 | The Home Assistant Companion for iOS and macOS app up to version 2023.4 are vulnerable to Client-Side Request Forgery. Attackers may send malicious links/QRs t… |
CVE-2026-44698 | High | 8.3 | 2026-05-29 | Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.4.1 for iOS and 2026.4.4 for Android, he Home A… |
CVE-2023-41896 | High | 7.1 | 2023-10-19 | Home assistant is an open source home automation. Whilst auditing the frontend code to identify hidden parameters, Cure53 detected `auth_callback=1`, which is… |
CVE-2025-25305 | High | 7.0 | 2025-02-18 | Home Assistant Core is an open source home automation that puts local control and privacy first. Affected versions are subject to a potential man-in-the-middle… |
CVE-2023-41899 | Medium | 6.6 | 2023-10-19 | Home assistant is an open source home automation. In affected versions the `hassio.addon_stdin` is vulnerable to a partial Server-Side Request Forgery where an… |
CVE-2023-41894 | Medium | 5.3 | 2023-10-19 | Home assistant is an open source home automation. The assessment verified that webhooks available in the webhook component are triggerable via the `*.ui.nabu.c… |
CVE-2023-50715 | Medium | 4.3 | 2023-12-15 | Home Assistant is open source home automation software. Prior to version 2023.12.3, the login page discloses all active user accounts to any unauthenticated br… |
CVE-2023-41893 | Medium | 4.3 | 2023-10-19 | Home assistant is an open source home automation. The audit team’s analyses confirmed that the `redirect_uri` and `client_id` are alterable when logging in. Co… |
CVE-2026-33045 | | 2026-03-27 | Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 2025.02 and prior to version 2026.01 the… | |
CVE-2026-33044 | | 2026-03-27 | Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 2020.02 and prior to version 2026.01, an… | |
CVE-2025-62172 | | 2025-10-14 | Home Assistant is open source home automation software that puts local control and privacy first. In versions 2025.1.0 through 2025.10.1, the energy dashboard… |