CVE-2026-32112: Cross-Site Scripting in Home Assistant MCP Server OAuth Flow
Vulnerability ID: CVE-2026-32112
CVSS Score: 6.8
Published: 2026-03-12
The Home Assistant MCP Server (ha-mcp) prior to version 7.0.0 contains a Cross-Site Scripting (XSS) vulnerability within its beta OAuth consent form. The application dynamically constructs HTML using Python f-strings without proper input sanitization, allowing attackers to execute arbitrary JavaScript in the context of the server operator's browser session.
TL;DR
ha-mcp versions before 7.0.0 are vulnerable to Stored and Reflected XSS in the beta ha-mcp-oauth mode. Attackers can steal Home Assistant tokens by tricking operators into clicking crafted authorization links.
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-79
- Attack Vector: Network
- CVSS Base Score: 6.8
- EPSS Score: 0.00033
- Exploit Status: Proof of Concept
- KEV Status: Not Listed
Affected Systems
- ha-mcp (Home Assistant MCP Server)
- ha-mcp-oauth beta mode
- ha-mcp: < 7.0.0 (Fixed in: 7.0.0)
Code Analysis
Commit: 3b93c4d
Dependency Update: Update fastmcp to 3.1.0 to enforce strict output encoding
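The defect described above (HTML assembled from request parameters with Python f-strings) and the fix direction (strict output encoding), as an added example that is not ha-mcp's or fastmcp's code: a minimal consent-form renderer that interpolates untrusted values raw, beside the same renderer with html.escape applied to every value; the query string, parameter names and helper functions are constructed for illustration.

```python
# Added example (not ha-mcp's code): an unescaped f-string consent form
# next to one that HTML-escapes every untrusted request parameter.
import html
from urllib.parse import parse_qs

# Constructed authorization request; client_name carries markup so the two
# renderers can be compared on the same input.
SAMPLE_QUERY = (
    "client_id=demo-client"
    "&client_name=%3Cscript%3Ealert('xss')%3C/script%3E"
    "&redirect_uri=https://app.example/cb"
)

PARAMS = ("client_id", "client_name", "redirect_uri")


def parse_request(query: str) -> dict[str, str]:
    """First value of each expected parameter; missing ones become ''."""
    qs = parse_qs(query, keep_blank_values=True)
    return {k: qs.get(k, [""])[0] for k in PARAMS}


def render_consent_unsafe(p: dict[str, str]) -> str:
    """Vulnerable pattern: request values dropped straight into HTML."""
    return (
        f"<h1>Authorize {p['client_name']}?</h1>"
        f"<form method='post'>"
        f"<input type='hidden' name='client_id' value='{p['client_id']}'>"
        f"<input type='hidden' name='redirect_uri' value='{p['redirect_uri']}'>"
        f"<button>Allow</button></form>"
    )


def render_consent_safe(p: dict[str, str]) -> str:
    """Hardened pattern: escape each value for its HTML context before use.
    quote=True also encodes ' and ", so values inside attributes cannot
    terminate the attribute and start a new one."""
    e = {k: html.escape(v, quote=True) for k, v in p.items()}
    return render_consent_unsafe(e)  # same template, now fed only escaped text


def contains_raw_script(markup: str) -> bool:
    """Reviewer-style check: does a literal <script tag survive rendering?"""
    return "<script" in markup.lower()


if __name__ == "__main__":
    req = parse_request(SAMPLE_QUERY)
    print("unsafe keeps <script>:", contains_raw_script(render_consent_unsafe(req)))  # True
    print("safe keeps <script>:  ", contains_raw_script(render_consent_safe(req)))    # False
```

A Content Security Policy, as listed under the mitigations, limits what an injected script could do but does not replace escaping at the point of rendering.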
Mitigation Strategies
- Upgrade ha-mcp to version 7.0.0 or later
- Disable the beta ha-mcp-oauth mode
- Implement a restrictive Content Security Policy (CSP)
- Restrict network access to the ha-mcp endpoints
Remediation Steps
- Log in to the system hosting the ha-mcp server.
- Update the ha-mcp package to version 7.0.0 or higher.
- If immediate updating is impossible, alter the configuration to disable the ha-mcp-oauth beta feature.
- Restart the ha-mcp service to apply the updated dependencies or configuration.
- Audit connected clients and Home Assistant access logs for unauthorized token usage or API requests.
References
- GitHub Security Advisory GHSA-pf93-j98v-25pv
- CVE Record CVE-2026-32112
- Fix Commit (Dependency Update)
- NVD Entry CVE-2026-32112