CVE-2026-40602 hass-cli: Handling of user-supplied Jinja2 templates
The Home Assistant Command-line interface hass-cli is a command-line tool for Home Assistant. Up to 1.0.0 of home-assistant-cli, an unrestricted environment was used to handle Jinja2 templates instead of a sandboxed one. The user-supplied input within Jinja2 templates was rendered locally with no...
CVE-2026-40602
Summary: CVE-2026-40602 affects the Home Assistant Command-line interface (hass-cli). Up to version 1.0.0, hass-cli evaluated user-supplied input in Jinja2 templates in an unrestricted environment, granting access to Python internals and potentially extending templating beyond intended usage. Thi...
Home Assistant Command-line Interface: Handling of user-supplied Jinja2 templates
Impact: Up to 1.0.0 of home-assistant-cli, or hass-cli for short, an unrestricted environment was used to handle Jinja2 templates instead of a sandboxed one. The user-supplied input within Jinja2 templates was rendered locally with no restrictions. This gave users access to Python's internals and...