CVE-2026-32111
ha-mcp OAuth 2.1 DCR mode enables network reconnaissance via an error oracle
CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th
ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form (beta feature) accepts a user-supplied ha_url and makes a server-side HTTP request to {ha_url}/api/config with no URL validation. An unauthenticated attacker can submit arbitrary URLs to perform internal network reconnaissance via an error oracle. Two additional code paths in OAuth tool calls (REST and WebSocket) are affected by the same primitive. The primary deployment method (private URL with pre-configured HOMEASSISTANT_TOKEN) is not affected. This vulnerability is fixed in 7.0.0.
| CWE | CWE-918 |
| Vendor | homeassistant-ai |
| Product | ha-mcp |
| Published | Mar 11, 2026 |
| Last Updated | Mar 12, 2026 |
Stay Ahead of the Next One
Get instant alerts for homeassistant-ai ha-mcp
Be the first to know when new medium vulnerabilities affecting homeassistant-ai ha-mcp are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Affected Versions
homeassistant-ai / ha-mcp
< 7.0.0