CVE-2026-32112 MEDIUM

CVE-2026-32112: ha-mcp has XSS via Unescaped HTML in OAuth Consent Form

Vendor Homeassistant-Ai
Product ha-mcp
Weakness CWE-79 · Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)
Published March 11, 2026
Last update March 12, 2026

CVSS base score

6.8/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality High
Integrity High
Availability None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

What the vulnerability does

Description

ha-mcp is a Home Assistant MCP Server. In versions prior to 7.0.0, its OAuth consent form builds HTML with Python f-strings and interpolates user-controlled request parameters without HTML escaping. An attacker who can reach the OAuth endpoint and lure the server operator into opening a crafted authorization URL can therefore inject markup and execute JavaScript in the operator's browser (a reflected cross-site scripting issue). Only deployments running the beta OAuth mode (ha-mcp-oauth) are affected; that mode is not part of the standard setup and must be enabled explicitly. The issue is fixed in 7.0.0, and operators using the OAuth mode should upgrade.
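The following is an added illustration of the pattern the advisory describes and its fix; it is not ha-mcp's code. The parameter names (client_id, redirect_uri, state), the form layout and the crafted URL are constructed for this example, since the advisory does not say which parameters the consent form rendered.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed example: an authorization URL as an attacker might send it to the
# operator. The parameter names are assumed, not taken from ha-mcp.
CRAFTED_URL = (
    "https://mcp.example/oauth/authorize?client_id=evil-client"
    "&redirect_uri=https://evil.example/cb"
    "&state=%3Cscript%3Ealert(document.cookie)%3C/script%3E"
)


def parse_params(url: str) -> dict:
    """Return the first value of each query parameter, URL-decoded."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {key: values[0] for key, values in query.items()}


def render_consent_vulnerable(params: dict) -> str:
    """Vulnerable pattern: f-string interpolation with no escaping.

    Whatever the attacker placed in the query string is emitted as HTML, so
    a value such as "<script>...</script>" becomes executable markup.
    """
    client_id = params.get("client_id", "")
    redirect_uri = params.get("redirect_uri", "")
    state = params.get("state", "")
    return (
        "<form method='post'>"
        f"<p>Allow <b>{client_id}</b> to access Home Assistant?</p>"
        f"<input type='hidden' name='redirect_uri' value='{redirect_uri}'>"
        f"<input type='hidden' name='state' value='{state}'>"
        "<button>Allow</button></form>"
    )


def render_consent_fixed(params: dict) -> str:
    """Hardened form: every interpolated value goes through html.escape
    with quote=True, so <, >, &, " and ' are turned into entities and can
    neither open a tag in text content nor break out of a quoted attribute.
    """

    def esc(key: str) -> str:
        return html.escape(params.get(key, ""), quote=True)

    return (
        "<form method='post'>"
        f"<p>Allow <b>{esc('client_id')}</b> to access Home Assistant?</p>"
        f"<input type='hidden' name='redirect_uri' value='{esc('redirect_uri')}'>"
        f"<input type='hidden' name='state' value='{esc('state')}'>"
        "<button>Allow</button></form>"
    )


def contains_raw_script_tag(markup: str) -> bool:
    """Cheap check used to compare the two renderers: is a literal <script
    tag present in the output?"""
    return "<script" in markup.lower()


if __name__ == "__main__":
    params = parse_params(CRAFTED_URL)
    print("vulnerable renders script tag:",
          contains_raw_script_tag(render_consent_vulnerable(params)))
    print("fixed renders script tag:",
          contains_raw_script_tag(render_consent_fixed(params)))
```

Escaping is the correct fix for values placed in HTML text or quoted attribute values, which is the context the advisory describes. It is not sufficient on its own for values that end up in a URL context (for example a redirect target written into an href), where the scheme must also be validated; a template engine with autoescaping enabled is the more robust way to avoid reintroducing the f-string pattern elsewhere.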

Key dates

Disclosure timeline

March 11, 2026 CVE published
March 12, 2026 Record updated
