Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-32112 is a Cross-Site Scripting (XSS) vulnerability in the ha-mcp package's OAuth consent form when running in beta OAuth mode (ha-mcp-oauth). The vulnerability occurs because user-controlled parameters are rendered using Python f-strings without HTML escaping, allowing malicious input to be injected directly into the HTML."}, {'type': 'paragraph', 'content': "An attacker can exploit this by registering a malicious OAuth client with crafted parameters and then tricking the server operator into visiting a specially crafted authorization URL. This causes JavaScript code to execute in the operator's browser."}, {'type': 'paragraph', 'content': 'The vulnerability affects only the beta OAuth mode, which requires explicit configuration and is not part of the standard setup. It is fixed in ha-mcp version 7.0.0 by properly escaping HTML output in the OAuth consent form.'}] [1]

Useful 0 Not Useful 0

Impact Analysis

If exploited, this vulnerability allows an attacker to execute arbitrary JavaScript in the browser of the server operator running ha-mcp in beta OAuth mode.

This can lead to the exfiltration of sensitive data entered into the consent form, including the Home Assistant Long-Lived Access Token, potentially compromising the security of the Home Assistant environment.

The attack requires the attacker to reach the OAuth endpoint, register a malicious client, and successfully trick the operator via social engineering to visit a crafted URL.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

This vulnerability affects ha-mcp when running in beta OAuth mode (ha-mcp-oauth) prior to version 7.0.0. Detection involves checking if your system is running a vulnerable version (≤ 6.7.2) of ha-mcp with the beta OAuth mode enabled.

You can verify the ha-mcp version by running a command to check the installed package version, for example:

• pip show ha-mcp

To check if the beta OAuth mode is enabled, look for the MCP_BASE_URL environment variable or configuration indicating ha-mcp-oauth mode.

Additionally, you can monitor network traffic for requests to the OAuth endpoint (which binds to 0.0.0.0 in HTTP mode) and check for any suspicious Dynamic Client Registration (DCR) activity at the /register endpoint, which accepts client registrations without authentication.

There are no specific commands provided to detect exploitation attempts, but reviewing logs for unusual client registrations or authorization URL visits may help.

Useful 0 Not Useful 0

Mitigation Strategies

The primary mitigation is to upgrade ha-mcp to version 7.0.0 or later, where the vulnerability is fixed by properly escaping HTML output in the OAuth consent form.

If upgrading immediately is not possible, consider disabling the beta OAuth mode (ha-mcp-oauth) to prevent exposure to the vulnerable OAuth consent form.

Restrict network access to the OAuth endpoint to trusted users only, as the attack requires network access and social engineering.

Monitor and audit client registrations at the /register endpoint to detect and block any malicious client registrations.

Educate server operators to be cautious about following authorization URLs from untrusted sources to reduce the risk of social engineering.

Useful 0 Not Useful 0