Homeassistant-ai Ha-mcp
2 CVEs affecting Homeassistant-ai Ha-mcp. Latest disclosed: 2026-03-11. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-32112 | Medium | 6.8 | 2026-03-11 | ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form renders user-controlled parameters via Python f-strings with no HTML escap… |
CVE-2026-32111 | Medium | 5.3 | 2026-03-11 | ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form (beta feature) accepts a user-supplied ha_url and makes a server-side HTTP… |