Home Assistant · Home Assistant Community Store · CVE-2021-47942
**Name of the Vulnerable Software and Affected Versions**
Home Assistant Community Store (HACS) version 1.10.0
**Description**
A path traversal issue allows unauthenticated attackers to read sensitive files by traversing directories via the `/hacsfiles/` endpoint. This can be used to retrieve the `.storage/auth` file, which contains user credentials and refresh tokens, enabling the creation of valid JSON Web Tokens (JWTs) to gain administrative access to Home Assistant instances.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
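
With no fixed version identified, access logs can be reviewed for traversal attempts against `/hacsfiles/`. The following is an added example, not code from this advisory or from the HACS project; it assumes Common Log Format lines from a reverse proxy, and the sample log lines are constructed.

```python
import re
from urllib.parse import unquote

# Assumption: Common Log Format lines from a reverse proxy in front of Home Assistant.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
PREFIX = "/hacsfiles/"

# Constructed sample lines (documentation IP ranges), not captured traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2021:10:00:00 +0000] "GET /hacsfiles/iconset.js HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2021:10:00:05 +0000] "GET /hacsfiles/../.storage/auth HTTP/1.1" 200 4096',
    '198.51.100.7 - - [01/Jan/2021:10:00:09 +0000] "GET /hacsfiles/%252e%252e/.storage/auth HTTP/1.1" 404 0',
    '192.0.2.10 - - [01/Jan/2021:10:01:00 +0000] "GET /api/config HTTP/1.1" 401 0',
]


def decode_fully(target, max_rounds=3):
    """Percent-decode repeatedly so single- and double-encoded dots both become '..'."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def is_hacsfiles_traversal(target):
    """True when a request path under /hacsfiles/ contains a parent-directory segment."""
    path = decode_fully(target.split("?", 1)[0]).replace("\\", "/")
    if not path.lower().startswith(PREFIX):
        return False
    return ".." in path[len(PREFIX):].split("/")


def find_suspicious(lines):
    """Return (client_ip, request_target, status) for each flagged log line."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m and is_hacsfiles_traversal(m["target"]):
            hits.append((m["ip"], m["target"], int(m["status"])))
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit)
```

A flagged line with status 200 means file content was returned, so the credentials and refresh tokens in `.storage/auth` should be treated as exposed.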