CVE-2026-34205 · CRITICAL 9.6 · EPSS p10.9%

Description

Home Assistant is open source home automation software that puts local control and privacy first. Home Assistant apps (formerly add-ons) configured with host network mode expose unauthenticated endpoints bound to the internal Docker bridge interface to the local network. On Linux, this configuration does not restrict access to the app as intended, allowing any device on the same network to reach these endpoints without authentication. Home Assistant Supervisor 2026.03.02 addresses the issue.

Scoring

CVSS 3.1: 9.6 (CRITICAL)
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.21% probability of exploitation · percentile 10.9% · 2026-06-19T12:03:05Z
Published: 2026-03-27
Last modified: 2026-03-30

Underlying weaknesses · 1

CWE-923

References

  1. https://github.com/home-assistant/core/security/advisories/GHSA-gh5m-4m97-c95h

Type: Weakness
Target: Improper Restriction of Communication Channel to Intended Endpoints (cwe-923)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2026-3558
CVE: CVE-2025-52665
CVE: CVE-2025-29629
CVE: CVE-2026-21032
CVE: CVE-2025-41656
CVE: CVE-2026-3559

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.