Browse all 6 CVE security advisories affecting esphome. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-23833 | ESPHome vulnerable to denial-of-service via out-of-bounds check bypass in the API component — esphome, CWE-190 | 8.6 (AI) | High (AI) | 2026-01-19 |
| CVE-2025-57808 | ESP-IDF web_server basic auth bypass using empty or incomplete Authorization header — esphome, CWE-303 | 8.1 | High | 2025-09-02 |
| CVE-2024-29019 | ESPHome vulnerable to Authentication bypass via Cross site request forgery — esphome, CWE-352 | 8.1 | High | 2024-03-21 |
| CVE-2024-27287 | ESPHome vulnerable to stored Cross-site Scripting in edit configuration file API — esphome, CWE-79 | 6.5 | Medium | 2024-03-06 |
| CVE-2024-27081 | ESPHome remote code execution via arbitrary file write — esphome, CWE-22 | 7.2 | High | 2024-02-26 |
| CVE-2021-41104 | web_server allows OTA update without checking user defined basic auth username & password — esphome, CWE-306 | 7.5 | High | 2021-09-28 |
This page lists every published CVE security advisory associated with esphome. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.