CVE-2026-34205 - Vulnerability Analysis
Critical | CVSS: 9.6 | Last Updated: March 27, 2026
Home Assistant - Broken Access Control
Overview
Home Assistant apps configured with host network mode expose unauthenticated endpoints on the internal Docker bridge interface, allowing any device on the local network to access these endpoints without authentication. Exploitation requires network access.
Severity & Score
Impact
Any device on the local network can access unauthenticated endpoints, potentially leading to unauthorized control or information disclosure.
Mitigation
Update to Home Assistant Supervisor 2026.03.02 or later.
Social Media Activity(2 posts)
CVE-2026-34205 - Critical (9.6) Home Assistant is open source home automation software that puts local control and privacy first. Home Assistant apps (formerly add-ons) configured with host network mode expose unauthenticated endpoints bound to the internal Docker bridge interfa... https://www.thehackerwire.com/vulnerability/CVE-2026-34205/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Related Resources
Details
- CVE ID: CVE-2026-34205
- Severity: Critical
- CVSS Score: 9.6
- Type: broken_access_control
- Status: new
- EPSS: 0.0%
- Social Posts: 2
CWE
- CWE-923
CVSS Metrics
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H