CVE-2026-32111

MEDIUM

Home Assistant MCP Server < 7.0.0 - OAuth ha_url Server-Side Request Forgery

Title source: manual

Description

ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form (beta feature) accepts a user-supplied ha_url and makes a server-side HTTP request to {ha_url}/api/config with no URL validation. An unauthenticated attacker can submit arbitrary URLs to perform internal network reconnaissance via an error oracle. Two additional code paths in OAuth tool calls (REST and WebSocket) are affected by the same primitive. The primary deployment method (private URL with pre-configured HOMEASSISTANT_TOKEN) is not affected. This vulnerability is fixed in 7.0.0.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://github.com/homeassistant-ai/ha-mcp/security/advisories/GHSA-fmfg-9g7c-3vq7

Scores

CVSS v3 5.3

EPSS 0.0004

EPSS Percentile 12.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-918

Status published

Products (2)

homeassistant-ai/home_assistant_mcp_server < 7.0.0

pypi/ha-mcp 0 - 7.0.0PyPI

Published Mar 11, 2026

Tracked Since Mar 12, 2026