Unauthenticated Endpoint Exposure in Home Assistant by Home Assistant
CVE-2026-34205

9.7 CRITICAL

What is CVE-2026-34205?

Home Assistant, the popular open-source home automation software, has a vulnerability affecting configurations that use host network mode. The issue allows unauthenticated access to critical endpoints bound to the internal Docker bridge interface, potentially exposing these endpoints to any device on the local network. Users should ensure they are running Home Assistant Supervisor version 2026.03.02 or newer to mitigate this risk and maintain the integrity of their home automation systems.

Affected Version(s)

Home Assistant Operating System <= 17.1

Home Assistant Supervisor < 2026.03.2

CVSS V3.1

Score: 9.7
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
