Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-32111 is a Server-Side Request Forgery (SSRF) vulnerability in the ha-mcp package's OAuth consent form beta feature prior to version 7.0.0. The vulnerability occurs because the server accepts a user-supplied URL (ha_url) and makes an HTTP request to {ha_url}/api/config without validating the URL's scheme, IP address, or domain."}, {'type': 'paragraph', 'content': 'This lack of validation allows an unauthenticated attacker to submit arbitrary URLs and perform internal network reconnaissance by analyzing different error messages returned from the server. These error messages reveal information about host availability and port status, effectively acting as an error oracle.'}, {'type': 'paragraph', 'content': 'Three code paths are affected: the OAuth consent form validation, REST tool calls with forged tokens, and WebSocket tool calls with forged tokens. Attackers can automate attacks by registering clients and submitting arbitrary URLs without user interaction.'}, {'type': 'paragraph', 'content': 'The vulnerability is fixed in ha-mcp version 7.0.0.'}] [1]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows unauthenticated attackers to perform internal network reconnaissance from the server’s network position. By exploiting the error oracle, attackers can map reachable hosts and open ports within the internal network.

Additionally, attackers can forge OAuth tokens to make REST API and WebSocket calls to arbitrary hosts within the internal network, potentially gathering JSON responses from Home Assistant API endpoints if present.

However, effective data exfiltration is limited because non-Home Assistant services are unlikely to respond with useful JSON data, and WebSocket protocol failures limit exploitation.

Overall, the impact is moderate (CVSS 5.3) and primarily involves information disclosure about the internal network rather than direct data compromise or service disruption.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by observing if the ha-mcp OAuth consent form (beta feature) accepts user-supplied ha_url values and makes server-side HTTP requests to {ha_url}/api/config without URL validation. Detection involves checking for unusual or unauthorized HTTP requests originating from the ha-mcp server to internal or unexpected network addresses.

One way to detect exploitation attempts is to monitor network traffic or server logs for requests to various internal IP addresses or URLs that are not normally accessed, especially those resulting in distinct error messages such as connection errors, timeouts, or HTTP 401/403 responses.

Suggested commands to detect this behavior include:

• Use network monitoring tools like tcpdump or Wireshark to capture outgoing HTTP requests from the ha-mcp server: tcpdump -i <interface> host <ha-mcp-server-ip> and port 80 or 443
• Check server logs for unusual HTTP GET requests to /api/config endpoints with varying hostnames or IP addresses.
• Use curl or similar tools to manually test the OAuth consent form by submitting different ha_url values and observing server responses and logs.

Useful 0 Not Useful 0

Mitigation Strategies

The immediate and recommended mitigation step is to upgrade the ha-mcp package to version 7.0.0 or later, where this vulnerability is fixed.

Additionally, if possible, disable the OAuth consent form beta feature or restrict access to it until the upgrade is applied.

Ensure that the primary deployment method using a pre-configured HOMEASSISTANT_TOKEN is used, as it is not affected by this vulnerability.

Useful 0 Not Useful 0