Moderate severityNVD Advisory· Published Mar 11, 2026· Updated Mar 12, 2026
ha-mcp has XSS via Unescaped HTML in OAuth Consent Form
CVE-2026-32112
Description
ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form renders user-controlled parameters via Python f-strings with no HTML escaping. An attacker who can reach the OAuth endpoint and convince the server operator to follow a crafted authorization URL could execute JavaScript in the operator's browser. This affects only users running the beta OAuth mode (ha-mcp-oauth), which is not part of the standard setup and requires explicit configuration. This vulnerability is fixed in 7.0.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ha-mcpPyPI | < 7.0.0 | 7.0.0 |
Affected products
2- homeassistant-ai/ha-mcpv5Range: < 7.0.0
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-pf93-j98v-25pvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-32112ghsaADVISORY
- github.com/homeassistant-ai/ha-mcp/security/advisories/GHSA-pf93-j98v-25pvghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.