PT-2026-24838 · Git+2 · Ha-Mcp+1

Yotampe-Pluto

Published 2026-03-11 · Updated 2026-03-12
CVE-2026-32112
CVSS v3.1: 6.8 (Medium)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Affected software and versions: ha-mcp versions prior to 7.0.0
Description: ha-mcp is a Home Assistant MCP Server. Prior to version 7.0.0, the OAuth consent form renders user-controlled parameters using Python f-strings without proper HTML escaping. This allows an attacker who can reach the OAuth endpoint and convince the server operator to follow a crafted authorization URL to execute JavaScript in the operator's browser. This issue only affects users running the beta OAuth mode (ha-mcp-oauth), which requires explicit configuration and is not part of the standard setup. The vulnerability resides in the rendering of parameters such as client name, client id, redirect uri, state, error message, error, and error description within the consent form.py file. An attacker can register a malicious client via the /register endpoint and then exploit the lack of HTML escaping to execute a JavaScript payload when the server operator visits a crafted authorization URL. The attack requires convincing the server operator to authorize an unfamiliar application. Successful exploitation could lead to the exfiltration of data entered into the consent form, including the Home Assistant Long-Lived Access Token.
Recommendation: Upgrade to version 7.0.0.
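The defect class described above, as an added illustration that is not ha-mcp's own code: a consent form built with f-strings from user-controlled OAuth parameters, beside a hardened version that escapes every value, plus a simple output check. All names and sample values are hypothetical.

```python
# Added illustration of the advisory's bug class: f-string rendering of
# attacker-controlled OAuth parameters without HTML escaping, beside the fix.
# Function names and sample values are hypothetical, not ha-mcp's own.
import html

# Constructed sample parameters as a maliciously registered client might supply them.
SAMPLE_PARAMS = {
    "client_name": 'Demo App<script>alert("x")</script>',
    "client_id": "client-123",
    "redirect_uri": "https://example.invalid/cb",
    "state": "abc",
    "error_description": "",
}


def render_consent_unsafe(p: dict) -> str:
    """Vulnerable pattern: raw interpolation of user-controlled values into HTML."""
    return (
        f"<h1>Authorize {p['client_name']}</h1>"
        f"<p>Client ID: {p['client_id']}</p>"
        f"<p>Redirect URI: {p['redirect_uri']}</p>"
        f"<input type='hidden' name='state' value='{p['state']}'>"
        f"<p class='error'>{p['error_description']}</p>"
    )


def render_consent_safe(p: dict) -> str:
    """Hardened pattern: every value passes through html.escape before interpolation.
    quote=True also escapes ' and ", which covers the attribute context (state)."""
    e = {k: html.escape(str(v), quote=True) for k, v in p.items()}
    return (
        f"<h1>Authorize {e['client_name']}</h1>"
        f"<p>Client ID: {e['client_id']}</p>"
        f"<p>Redirect URI: {e['redirect_uri']}</p>"
        f"<input type='hidden' name='state' value='{e['state']}'>"
        f"<p class='error'>{e['error_description']}</p>"
    )


def contains_raw_script(rendered: str) -> bool:
    """Review check: an unescaped <script tag surviving into the rendered page
    means the escaping layer is missing or was bypassed for some parameter."""
    return "<script" in rendered.lower()
```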

Exploit

Fix

XSS


Weakness Enumeration

Related identifiers

CVE-2026-32112
GHSA-PF93-J98V-25PV

Affected products

Ha-Mcp
Home Assistant Mcp Server