CVE-2026-45323EPSS p17.7%

CVE-2026-45323CVE-2026-45323

jpettitt / meshcore_card

Description

MeshCore Card provides MeshCore Lovelace card for Home Assistant. Prior to 0.3.3, Meshcore node names are rendered without HTML escaping in meshcore-card, allowing any node within direct or indirect (repeated) radio range to execute arbitrary javascript in the Home Assistant frontend of anyone viewing the card. This vulnerability is fixed in 0.3.3.

Scoring

CVSS 9.6 ()
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS0.27% probability of exploitation · percentile 17.7% · 2026-06-19T12:03:05Z
Last modified2026-06-03

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-59430
CVE
CVE-2025-2218
CVE
CVE-2026-34205
CVE
CVE-2026-35466
CVE
CVE-2026-27849
CVE
CVE-2026-21032
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.