CVE-2026-32111

ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form (beta feature) accepts a user-supplied ha_url and makes a server-side HTTP request to {ha_url}/api/config with no URL validation. An unauthenticated attacker can submit arbitrary URLs to perform internal network reconnaissance via an error oracle. Two additional code paths in OAuth tool calls (REST and WebSocket) are affected by the same primitive. The primary deployment method (private URL with pre-configured HOMEASSISTANT_TOKEN) is not affected. This vulnerability is fixed in 7.0.0.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/homeassistant-ai/ha-mcp/security/advisories/GHSA-fmfg-9g7c-3vq7	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:homeassistant-ai:home_assistant_mcp_server:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-03-11 21:16

Updated : 2026-03-17 15:37

NVD link : CVE-2026-32111

Mitre link : CVE-2026-32111

CVE.ORG link : CVE-2026-32111

JSON object : View

Products Affected

homeassistant-ai

home_assistant_mcp_server

CWE

CWE-918

Server-Side Request Forgery (SSRF)

{"id": "CVE-2026-32111", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2026-03-11T21:16:17.267", "references": [{"url": "https://github.com/homeassistant-ai/ha-mcp/security/advisories/GHSA-fmfg-9g7c-3vq7", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form (beta feature) accepts a user-supplied ha_url and makes a server-side HTTP request to {ha_url}/api/config with no URL validation. An unauthenticated attacker can submit arbitrary URLs to perform internal network reconnaissance via an error oracle. Two additional code paths in OAuth tool calls (REST and WebSocket) are affected by the same primitive. The primary deployment method (private URL with pre-configured HOMEASSISTANT_TOKEN) is not affected. This vulnerability is fixed in 7.0.0."}, {"lang": "es", "value": "ha-mcp es un servidor MCP de Home Assistant. Antes de la versi\u00f3n 7.0.0, el formulario de consentimiento OAuth de ha-mcp (caracter\u00edstica beta) acepta una ha_url proporcionada por el usuario y realiza una solicitud HTTP del lado del servidor a {ha_url}/api/config sin validaci\u00f3n de URL. Un atacante no autenticado puede enviar URLs arbitrarias para realizar reconocimiento de red interno a trav\u00e9s de un or\u00e1culo de errores. Dos rutas de c\u00f3digo adicionales en las llamadas a herramientas OAuth (REST y WebSocket) se ven afectadas por la misma primitiva. El m\u00e9todo de despliegue principal (URL privada con HOMEASSISTANT_TOKEN preconfigurado) no se ve afectado. Esta vulnerabilidad se corrige en la versi\u00f3n 7.0.0."}], "lastModified": "2026-03-17T15:37:53.473", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:homeassistant-ai:home_assistant_mcp_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75A833D1-96EB-451C-876C-1267332C62DD", "versionEndExcluding": "7.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}