CVE-2026-40602
Unrestricted Jinja2 Template Rendering in Home Assistant CLI
Publication date: 2026-04-21
Last updated on: 2026-04-27
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| home-assistant-ecosystem | home_assistant_command-line_interface | < 1.0.0 (1.0.0 and later not affected) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1336 | The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-40602 is a vulnerability in the Home Assistant Command-line interface (hass-cli) in versions prior to 1.0.0. Those versions render user-supplied templates locally (`hass-cli template <template-file> --local`) in an unrestricted Jinja2 environment instead of a sandboxed one.
Without the sandbox, a malicious template can reach Python internals through ordinary Jinja2 attribute and subscript expressions, for example by walking from a callable's `__globals__` to `__builtins__` and `__import__`, and from there run arbitrary Python code on the local machine.
An attacker exploits this by getting a user to download a malicious template and render it locally with hass-cli; the attack therefore needs local access and user interaction, and is rated as requiring high privileges.
The vulnerability was fixed in version 1.0.0 by switching to a sandboxed environment (`ImmutableSandboxedEnvironment`), which refuses access to Python internals and so prevents the code execution.
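The escape described above and the effect of the 1.0.0 fix, as an added example that is not hass-cli's own code: the same attacker-controlled template is rendered once with a stock `jinja2.Environment` (the pre-1.0.0 pattern) and once with `ImmutableSandboxedEnvironment`. The `lookup` helper is an assumed stand-in for any Python callable a tool exposes to its templates; the template strings are constructed for this example.

```python
"""Unsandboxed vs. sandboxed Jinja2 rendering of an attacker-controlled template.

Added example, not part of hass-cli. `lookup` is an assumed stand-in for any
Python function a tool passes into the render context; only the attribute
walk from a function object to __builtins__ matters for the escape.
"""
import os

from jinja2 import Environment
from jinja2.exceptions import SecurityError
from jinja2.sandbox import ImmutableSandboxedEnvironment


def lookup(name: str) -> str:
    """Harmless helper exposed to templates (assumed, for illustration)."""
    return f"<state of {name}>"


# Constructed for this example: a template a user would legitimately render.
BENIGN_TEMPLATE = "Light is {{ lookup('light.kitchen') }}"

# Constructed for this example: the escape chain the advisory describes.
# Every Python function object carries __globals__; its __builtins__ entry
# yields __import__, and from there any module. os.getcwd() is a visible,
# side-effect-free proof that native Python code ran.
MALICIOUS_TEMPLATE = (
    "{%- set b = lookup.__globals__['__builtins__'] -%}"
    "{%- set os = b['__import__']('os') -%}"
    "{{ os.getcwd() }}"
)


def render_unrestricted(template: str) -> str:
    """Pre-1.0.0 pattern: a stock Environment trusts the template completely."""
    env = Environment(autoescape=False)
    return env.from_string(template).render(lookup=lookup)


def render_sandboxed(template: str) -> str:
    """Fixed pattern: the sandbox refuses underscore-prefixed attributes."""
    env = ImmutableSandboxedEnvironment(autoescape=False)
    return env.from_string(template).render(lookup=lookup)


def unrestricted_escape_reaches_os() -> bool:
    """True if the malicious template really executed os.getcwd()."""
    return render_unrestricted(MALICIOUS_TEMPLATE) == os.getcwd()


def sandbox_blocks(template: str) -> bool:
    """True if the sandbox rejects the template with SecurityError."""
    try:
        render_sandboxed(template)
    except SecurityError:
        return True
    return False


if __name__ == "__main__":
    print("benign, unrestricted :", render_unrestricted(BENIGN_TEMPLATE))
    print("benign, sandboxed    :", render_sandboxed(BENIGN_TEMPLATE))
    print("malicious ran os.getcwd() unrestricted:", unrestricted_escape_reaches_os())
    print("malicious blocked by sandbox          :", sandbox_blocks(MALICIOUS_TEMPLATE))
```

The sandbox stops the walk at the first underscore-prefixed attribute (`lookup.__globals__` becomes an undefined that raises `SecurityError` when subscripted), while the benign template still renders, which is why switching the environment class is a complete fix rather than a filter that a differently written template could sidestep.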
How can this vulnerability impact me?
This vulnerability can lead to arbitrary code execution on the local machine where the Home Assistant CLI is used.
If exploited, an attacker could run malicious Python code with the privileges of the user running the CLI, potentially compromising confidentiality and integrity of local data.
However, exploitation requires local access, high privileges, and user interaction, as the user must render a malicious template intentionally or unknowingly.
There is no impact on availability, and remote Home Assistant instances are not affected by this vulnerability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in home-assistant-cli allows arbitrary code execution on the local machine through unsafe rendering of user-supplied Jinja2 templates. This can lead to unauthorized access to sensitive data and compromise of system integrity.
Such unauthorized access and potential data exposure could negatively impact compliance with data protection standards and regulations like GDPR and HIPAA, which require strict controls over data confidentiality and integrity.
However, the vulnerability requires local access, high privileges, and user interaction, limiting the attack scope to local environments rather than remote exploitation.
Fixing the vulnerability by sandboxing template rendering reduces the risk of unauthorized code execution and helps maintain compliance with security requirements mandated by these standards.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is detected by checking whether the installed home-assistant-cli (hass-cli) version is earlier than 1.0.0; those versions render templates locally in an unrestricted Jinja2 environment.
Also check whether anyone renders third-party Jinja2 templates locally with `hass-cli template <template-file> --local` without reviewing them first.
To spot exploitation attempts, look for Jinja2 expressions that reach Python internals through double-underscore attributes, such as:
- `{%- set b = environ.__globals__['__builtins__'] -%}`
- `{%- set os = b['__import__']('os') -%}`
- `{%- set bio = b['__import__']('builtins') -%}`
Here `environ` stands for whatever Python callable the template context exposes; every Python function object carries `__globals__`, so the starting name varies but the `__globals__` / `__builtins__` / `__import__` chain does not.
Commands to check the installed version of hass-cli include:
- `hass-cli --version`
To find past local renders, search shell history or logs for invocations such as:
- `hass-cli template *.j2 --local`
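The checks above as runnable triage helpers, an added example that is not part of the advisory or of hass-cli: a version comparison against 1.0.0, a scanner that flags double-underscore attribute access (and the `attr` filter, the usual way to reach such an attribute by string) in template text, and a filter for shell-history lines that ran a local render. The `hass-cli --version` output line, the template and the history lines are constructed for this example, and the exact output format of `--version` is assumed.

```python
"""Triage helpers for CVE-2026-40602: version check, template scan, history scan.

Added example, not part of the advisory or of hass-cli. All sample inputs are
constructed for this example; the `hass-cli --version` output format is assumed.
"""
import re

FIXED = (1, 0, 0)

# The 1.0.0 sandbox rejects every underscore-prefixed attribute, so any dunder
# access in a template is worth a look, not only the three names the advisory
# quotes. "|attr('...')" reaches an attribute by string and is flagged too.
DUNDER_RE = re.compile(r"__[A-Za-z_]+__")
ATTR_FILTER_RE = re.compile(r"\|\s*attr\s*\(")
LOCAL_RENDER_RE = re.compile(r"\bhass-cli\b.*\btemplate\b.*--local\b")


def parse_version(text: str) -> tuple:
    """'0.9.6' -> (0, 9, 6, 1); '1.0.0b1' -> (1, 0, 0, 0).

    The trailing flag orders a pre-release ('b1', 'rc2' on a component) below
    the final release with the same numbers. Covers 'X.Y.Z' and 'X.Y.ZbN'
    strings only; for full PEP 440 semantics use packaging.version instead.
    """
    nums, prerelease = [], False
    for piece in text.strip().split("."):
        m = re.match(r"(\d+)(.*)", piece)
        if not m:
            break
        nums.append(int(m.group(1)))
        if m.group(2):
            prerelease = True
            break
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums[:3]) + ((0,) if prerelease else (1,))


def is_vulnerable_version(text: str) -> bool:
    """True for every version below the 1.0.0 release, pre-releases included."""
    return parse_version(text) < FIXED + (1,)


def extract_version(cli_output: str):
    """Pull the version token out of a `hass-cli --version` line, or None."""
    m = re.search(r"\d+\.\d+(?:\.\d+)?(?:[A-Za-z]+\d*)?", cli_output)
    return m.group() if m else None


def scan_template(text: str) -> list:
    """Return (line_number, matched_text) for each suspicious token."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in DUNDER_RE.finditer(line):
            hits.append((lineno, m.group()))
        if ATTR_FILTER_RE.search(line):
            hits.append((lineno, "|attr("))
    return hits


def find_local_renders(history_lines) -> list:
    """Keep shell-history lines that rendered a template locally."""
    return [line for line in history_lines if LOCAL_RENDER_RE.search(line)]


# Constructed sample inputs (format of the --version line is assumed).
SAMPLE_CLI_OUTPUT = "hass-cli, version 0.9.6"
SAMPLE_TEMPLATE = """\
{%- set b = environ.__globals__['__builtins__'] -%}
{%- set os = b['__import__']('os') -%}
{{ lookup|attr('__class__') }}
Hello {{ name }}
"""
SAMPLE_HISTORY = [
    "hass-cli state list",
    "hass-cli template downloaded/dashboard.j2 --local",
    "hass-cli template notify.j2",
]


if __name__ == "__main__":
    v = extract_version(SAMPLE_CLI_OUTPUT)
    print(f"installed {v}: vulnerable={is_vulnerable_version(v)}")
    for lineno, token in scan_template(SAMPLE_TEMPLATE):
        print(f"template line {lineno}: {token}")
    for line in find_local_renders(SAMPLE_HISTORY):
        print("local render in history:", line)
```

Treat the template scan as triage, not a control: a template can assemble the attribute name at render time (`lookup|attr('__glo' ~ 'bals__')`) and a token scan will not see it. The version check is the reliable test, and the upgrade is the fix.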
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the home-assistant-cli (hass-cli) package to version 1.0.0 or later, where the vulnerability is fixed by using a sandboxed Jinja2 environment (`ImmutableSandboxedEnvironment`).
Until the upgrade can be performed, do not render untrusted or third-party Jinja2 templates locally with `hass-cli template <template-file> --local`.
As a stopgap, review templates before rendering them, manually or with a scanner, for expressions that reach Python internals (`__globals__`, `__builtins__`, `__import__` and similar); note that such a review can be evaded and does not replace the upgrade.
Restrict use of the CLI to trusted users with appropriate privileges to reduce the risk of exploitation.