All 6 CVE vulnerabilities found in esphome, with AI-generated Chinese analysis, references, and POCs.
Vendor: esphome
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-23833 | ESPHome vulnerable to denial-of-service via out-of-bounds check bypass in the API component | CWE-190 | 8.6 (AI) | High (AI) | 2026-01-19 |
| CVE-2025-57808 | ESP-IDF web_server basic auth bypass using empty or incomplete Authorization header | CWE-303 | 8.1 | High | 2025-09-02 |
| CVE-2024-29019 | ESPHome vulnerable to Authentication bypass via Cross site request forgery | CWE-352 | 8.1 | High | 2024-03-21 |
| CVE-2024-27287 | ESPHome vulnerable to stored Cross-site Scripting in edit configuration file API | CWE-79 | 6.5 | Medium | 2024-03-06 |
| CVE-2024-27081 | ESPHome remote code execution via arbitrary file write | CWE-22 | 7.2 | High | 2024-02-26 |
| CVE-2021-41104 | web_server allows OTA update without checking user defined basic auth username & password | CWE-306 | 7.5 | High | 2021-09-28 |