All 2 CVE vulnerabilities found in ha-mcp, with AI-generated Chinese analysis, references, and POCs.
Vendor: homeassistant-ai
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-32112 | ha-mcp has XSS via Unescaped HTML in OAuth Consent Form CWE-79 | 6.8 | Medium | 2026-03-11 |
| CVE-2026-32111 | ha-mcp OAuth 2.1 DCR mode enables network reconnaissance via an error oracle CWE-918 | 5.3 | Medium | 2026-03-11 |
All 2 known CVE vulnerabilities affecting ha-mcp with full Chinese analysis, references, and POCs where available.