CVE-2026-32111

Name of the Vulnerable Software and Affected Versions ha-mcp versions prior to 7.0.0

Description ha-mcp is a Home Assistant MCP Server. The ha-mcp OAuth consent form (beta feature) accepts a user-supplied ha url and makes a server-side HTTP request to {ha url}/api/config without URL validation. An unauthenticated attacker can submit arbitrary URLs to perform internal network reconnaissance via an error oracle. Two additional code paths in OAuth tool calls (REST and WebSocket) are affected by the same issue. The primary deployment method (private URL with pre-configured HOMEASSISTANT TOKEN) is not affected. The issue allows an attacker to map reachable hosts and open ports from the server's network position. The vulnerability is present in the consent form validation, REST tool calls with forged tokens, and WebSocket tool calls with forged tokens. The REST tool calls make HTTP requests to hardcoded HA API paths on the provided host. The WebSocket tool calls attempt to establish WebSocket connections to {ha url}/api/websocket.

Recommendations Upgrade to version 7.0.0.