| Reporter | Title | Published | Views | Family All 14 |
|---|---|---|---|---|
| CVE-2026-32111 | 11 Mar 202620:41 | โ | attackerkb | |
| The Unofficial and Awesome Home Assistant MCP Server ไปฃ็ ้ฎ้ขๆผๆด | 11 Mar 202600:00 | โ | cnnvd | |
| CVE-2026-32111 ha-mcp OAuth 2.1 DCR mode enables network reconnaissance via an error oracle | 11 Mar 202620:41 | โ | cvelist | |
| EUVD-2026-11383 | 12 Mar 202614:23 | โ | euvd | |
| ha-mcp OAuth 2.1 DCR mode enables network reconnaissance via an error oracle | 12 Mar 202614:23 | โ | github | |
| CVE-2026-32111 | 11 Mar 202621:16 | โ | nvd | |
| CVE-2026-32111 ha-mcp OAuth 2.1 DCR mode enables network reconnaissance via an error oracle | 11 Mar 202620:41 | โ | osv | |
| GHSA-FMFG-9G7C-3VQ7 ha-mcp OAuth 2.1 DCR mode enables network reconnaissance via an error oracle | 12 Mar 202614:23 | โ | osv | |
| PYSEC-2026-2507 ha-mcp OAuth 2.1 DCR mode enables network reconnaissance via an error oracle | 13 Jul 202614:36 | โ | osv | |
| PT-2026-24837 | 11 Mar 202600:00 | โ | ptsecurity |
[
{
"vendor": "homeassistant-ai",
"product": "ha-mcp",
"versions": [
{
"version": "< 7.0.0",
"status": "affected"
}
]
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| ha_url | request body | /api/config | OAuth consent form uses a user-supplied ha_url to perform a server-side request to ha_url/api/config without validating the URL, enabling internal network discovery. | CWE-918 |
Data
Build on a solid foundation withย Vulners data
Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data
Api
Power your application withย Vulners API
The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access
App
Assess and manage vulnerabilities withย Vulnersย tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation