Browse all 6 CVE security advisories affecting openhab. AI-powered Chinese analysis, POCs, and references for each vulnerability.
OpenHAB serves as an open-source home automation platform integrating diverse IoT devices and systems. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and authentication flaws. The platform's Java-based architecture and extensive third-party integrations introduce potential attack surfaces. While no major public security incidents have been widely documented, the six recorded CVEs highlight ongoing security considerations. Users must implement network segmentation, regular updates, and secure configurations to mitigate risks, as the platform's broad device connectivity increases potential exposure to exploitation if not properly secured.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-42469 | CometVisu Backend for openHAB affected by RCE through path traversal — openhab-webui, CWE-22 | 9.8 | Critical | 2024-08-09 |
| CVE-2024-42468 | Path traversal (CometVisu) — openhab-webui, CWE-22 | 5.3 | Medium | 2024-08-09 |
| CVE-2024-42467 | CometVisu Backend for openHAB affected by SSRF/XSS — openhab-webui, CWE-918 | 10.0 | Critical | 2024-08-09 |
| CVE-2024-42470 | CometVisu Backend for openHAB has a sensitive information disclosure vulnerability — openhab-webui, CWE-862 | 6.5 | Medium | 2024-08-09 |
| CVE-2021-21266 | XXE vulnerability in OpenHAB — openhab-addons, CWE-611 | 6.4 | Medium | 2021-02-01 |
| CVE-2020-5242 | openHAB exec add-ons allow remote arbitrary command execution — openhab-addons, CWE-284 | 7.7 | High | 2020-02-20 |
This page lists every published CVE security advisory associated with openhab. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.