{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32111", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-10T22:02:38.855Z", "datePublished": "2026-03-11T20:41:37.529Z", "dateUpdated": "2026-03-12T14:03:53.910Z"}, "containers": {"cna": {"title": "ha-mcp OAuth 2.1 DCR mode enables network reconnaissance via an error oracle", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/homeassistant-ai/ha-mcp/security/advisories/GHSA-fmfg-9g7c-3vq7", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/homeassistant-ai/ha-mcp/security/advisories/GHSA-fmfg-9g7c-3vq7"}], "affected": [{"vendor": "homeassistant-ai", "product": "ha-mcp", "versions": [{"version": "< 7.0.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-11T20:41:37.529Z"}, "descriptions": [{"lang": "en", "value": "ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form (beta feature) accepts a user-supplied ha_url and makes a server-side HTTP request to {ha_url}/api/config with no URL validation. An unauthenticated attacker can submit arbitrary URLs to perform internal network reconnaissance via an error oracle. Two additional code paths in OAuth tool calls (REST and WebSocket) are affected by the same primitive. The primary deployment method (private URL with pre-configured HOMEASSISTANT_TOKEN) is not affected. This vulnerability is fixed in 7.0.0."}], "source": {"advisory": "GHSA-fmfg-9g7c-3vq7", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-12T14:02:25.282035Z", "id": "CVE-2026-32111", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T14:03:53.910Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32111", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-12T14:02:25.282035Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T14:03:49.217Z"}}], "cna": {"title": "ha-mcp OAuth 2.1 DCR mode enables network reconnaissance via an error oracle", "source": {"advisory": "GHSA-fmfg-9g7c-3vq7", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "homeassistant-ai", "product": "ha-mcp", "versions": [{"status": "affected", "version": "< 7.0.0"}]}], "references": [{"url": "https://github.com/homeassistant-ai/ha-mcp/security/advisories/GHSA-fmfg-9g7c-3vq7", "name": "https://github.com/homeassistant-ai/ha-mcp/security/advisories/GHSA-fmfg-9g7c-3vq7", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form (beta feature) accepts a user-supplied ha_url and makes a server-side HTTP request to {ha_url}/api/config with no URL validation. An unauthenticated attacker can submit arbitrary URLs to perform internal network reconnaissance via an error oracle. Two additional code paths in OAuth tool calls (REST and WebSocket) are affected by the same primitive. The primary deployment method (private URL with pre-configured HOMEASSISTANT_TOKEN) is not affected. This vulnerability is fixed in 7.0.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-11T20:41:37.529Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32111", "state": "PUBLISHED", "dateUpdated": "2026-03-12T14:03:53.910Z", "dateReserved": "2026-03-10T22:02:38.855Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-11T20:41:37.529Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:homeassistant-ai:home_assistant_mcp_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "75A833D1-96EB-451C-876C-1267332C62DD", "versionEndExcluding": "7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form (beta feature) accepts a user-supplied ha_url and makes a server-side HTTP request to {ha_url}/api/config with no URL validation. An unauthenticated attacker can submit arbitrary URLs to perform internal network reconnaissance via an error oracle. Two additional code paths in OAuth tool calls (REST and WebSocket) are affected by the same primitive. The primary deployment method (private URL with pre-configured HOMEASSISTANT_TOKEN) is not affected. This vulnerability is fixed in 7.0.0."}, {"lang": "es", "value": "ha-mcp es un servidor MCP de Home Assistant. Antes de la versi\u00f3n 7.0.0, el formulario de consentimiento OAuth de ha-mcp (caracter\u00edstica beta) acepta una ha_url proporcionada por el usuario y realiza una solicitud HTTP del lado del servidor a {ha_url}/api/config sin validaci\u00f3n de URL. Un atacante no autenticado puede enviar URLs arbitrarias para realizar reconocimiento de red interno a trav\u00e9s de un or\u00e1culo de errores. Dos rutas de c\u00f3digo adicionales en las llamadas a herramientas OAuth (REST y WebSocket) se ven afectadas por la misma primitiva. El m\u00e9todo de despliegue principal (URL privada con HOMEASSISTANT_TOKEN preconfigurado) no se ve afectado. Esta vulnerabilidad se corrige en la versi\u00f3n 7.0.0."}], "id": "CVE-2026-32111", "lastModified": "2026-03-17T15:37:53.473", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-11T21:16:17.267", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/homeassistant-ai/ha-mcp/security/advisories/GHSA-fmfg-9g7c-3vq7"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,7.0.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "ha-mcp", "source": "cna", "vendor": "homeassistant-ai"}, "product": "ha-mcp", "vendor": "homeassistant-ai"}], "analysis": {"en": {"generated_at": "2026-03-17T17:05:59.539141+00:00", "value": {"mitigation_remediation": ["Upgrade to ha-mcp 7.0.0 or newer"], "summary": {"action": "Upgrade", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "Affected products include homeassistant\u2011ai:ha\u2011mcp. All versions prior to 7.0.0 are impacted; the fix is delivered in 7.0.0.", "description_and_impact": "The vulnerability occurs in the OAuth consent form of ha-mcp (Home Assistant MCP Server) where an unauthenticated user can supply an arbitrary ha_url that the server uses to perform a server\u2011side HTTP request to {ha_url}/api/config without validating the URL. This behavior constitutes a Server\u2011Side Request Forgery (CWE\u2011918) and allows the attacker to trigger error responses, which serve as an oracle for discovering internal network information, resulting in information disclosure.", "risk_and_exploitability": "The CVSS score of 5.3 indicates moderate severity, and the EPSS score is below 1\u202f%, with no listing in the CISA KEV catalog. Exploitation requires an unauthenticated attacker to submit arbitrary URLs during the OAuth consent flow; the weakness is limited to internal network reconnaissance and does not provide remote code execution or elevated privileges."}}}}, "created": "2026-03-12T09:55:58.962448+00:00", "updated": "2026-03-20T15:37:06.264680+00:00", "vendors": ["homeassistant-ai", "homeassistant-ai$PRODUCT$ha-mcp"]}