Browse all 15 CVE security advisories affecting home-assistant. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Home Assistant serves as an open-source home automation platform integrating IoT devices and smart home systems. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, privilege escalation, and authentication bypass issues. The platform's 15 recorded CVEs highlight risks in its web interface, API endpoints, and third-party integrations. Notable security characteristics include its Python-based architecture and extensive community-developed components, which introduce potential supply chain risks. While no major public security incidents have been widely documented, the consistent discovery of vulnerabilities underscores the importance of regular updates and secure configuration for deployments handling sensitive home systems.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-34205 | Home Assistant: Unauthenticated App (Add-on) Endpoints Exposed to Local Network via Host Network Mode — Home Assistant Operating SystemCWE-923 | 9.7 | Critical | 2026-03-27 |
This page lists every published CVE security advisory associated with home-assistant. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.