iOS Companion App Vulnerability in Home Assistant Software
CVE-2026-55844

7.5HIGH

Key Information:

Vendor: Home-assistant
Status: Core
Vendor: CVE Published:; 29 June 2026

🔔 Create Home-assistant Vulnerability Alert

What is CVE-2026-55844?

The iOS companion app of Home Assistant, an open-source home automation platform focused on local control and privacy, is susceptible to an improper network configuration flaw. Prior to version 2025.5.0, the app fails to respect the SSID allowlist for internal networks, potentially leading to the unintended fallback to internal URLs. This behavior risks exposing user tokens when the app connects to untrusted networks, thereby compromising user security and privacy.

Affected Version(s)

core < 2025.5.0

References

https://github.com/home-assistant/core/security/advisorie...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 29, 2026
Vulnerability Reserved
Jun 17, 2026

CVE-2026-55844 Data

JSON