{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-19T08:08:58.678","vulnerabilities":[{"cve":{"id":"CVE-2026-32111","sourceIdentifier":"security-advisories@github.com","published":"2026-03-11T21:16:17.267","lastModified":"2026-06-17T10:35:09.367","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form (beta feature) accepts a user-supplied ha_url and makes a server-side HTTP request to {ha_url}/api/config with no URL validation. An unauthenticated attacker can submit arbitrary URLs to perform internal network reconnaissance via an error oracle. Two additional code paths in OAuth tool calls (REST and WebSocket) are affected by the same primitive. The primary deployment method (private URL with pre-configured HOMEASSISTANT_TOKEN) is not affected. This vulnerability is fixed in 7.0.0."},{"lang":"es","value":"ha-mcp es un servidor MCP de Home Assistant. Antes de la versión 7.0.0, el formulario de consentimiento OAuth de ha-mcp (característica beta) acepta una ha_url proporcionada por el usuario y realiza una solicitud HTTP del lado del servidor a {ha_url}/api/config sin validación de URL. Un atacante no autenticado puede enviar URLs arbitrarias para realizar reconocimiento de red interno a través de un oráculo de errores. Dos rutas de código adicionales en las llamadas a herramientas OAuth (REST y WebSocket) se ven afectadas por la misma primitiva. El método de despliegue principal (URL privada con HOMEASSISTANT_TOKEN preconfigurado) no se ve afectado. Esta vulnerabilidad se corrige en la versión 7.0.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"homeassistant-ai","product":"ha-mcp","versions":[{"version":"< 7.0.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-12T14:02:25.282035Z","id":"CVE-2026-32111","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:homeassistant-ai:home_assistant_mcp_server:*:*:*:*:*:*:*:*","versionEndExcluding":"7.0.0","matchCriteriaId":"75A833D1-96EB-451C-876C-1267332C62DD"}]}]}],"references":[{"url":"https://github.com/homeassistant-ai/ha-mcp/security/advisories/GHSA-fmfg-9g7c-3vq7","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}