Nixpkgs Security Tracker

Untriaged

Permalink CVE-2026-32111

5.3 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): NONE
Availability impact (A): NONE

created 1 week, 3 days ago

ha-mcp OAuth 2.1 DCR mode enables network reconnaissance via an error oracle

ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form (beta feature) accepts a user-supplied ha_url and makes a server-side HTTP request to {ha_url}/api/config with no URL validation. An unauthenticated attacker can submit arbitrary URLs to perform internal network reconnaissance via an error oracle. Two additional code paths in OAuth tool calls (REST and WebSocket) are affected by the same primitive. The primary deployment method (private URL with pre-configured HOMEASSISTANT_TOKEN) is not affected. This vulnerability is fixed in 7.0.0.

References

https://github.com/homeassistant-ai/ha-mcp/security/advisories/GHSA-fmfg-9g7c-3vq7 x_refsource_CONFIRM

Affected products

ha-mcp

==< 7.0.0

Matching in nixpkgs

pkgs.ha-mcp

MCP server for controlling Home Assistant via natural language

nixos-unstable 6.7.1
- nixpkgs-unstable 6.7.1
- nixos-unstable-small 6.7.1

Package maintainers

@JamieMagee Jamie Magee <jamie.magee@gmail.com>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.ha-mcp

Package maintainers