Executive Summary

CVE-2026-40602 is a vulnerability in the Home Assistant Command-line interface (hass-cli) versions prior to 1.0.0. The issue arises because these versions use an unrestricted Jinja2 environment to render user-supplied templates locally, instead of a sandboxed environment.

This lack of sandboxing allows malicious templates to access Python internals and execute arbitrary Python code on the local machine by exploiting built-in functions and modules through Jinja2 expressions.

An attacker can exploit this by tricking a user into downloading and rendering a malicious template locally using the hass-cli tool, which requires high privileges and user interaction.

The vulnerability was fixed in version 1.0.0 by switching to a sandboxed environment (ImmutableSandboxedEnvironment) that restricts access to Python internals and prevents unsafe code execution.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability in home-assistant-cli allows arbitrary code execution on the local machine through unsafe rendering of user-supplied Jinja2 templates. This can lead to unauthorized access to sensitive data and compromise of system integrity.

Such unauthorized access and potential data exposure could negatively impact compliance with data protection standards and regulations like GDPR and HIPAA, which require strict controls over data confidentiality and integrity.

However, the vulnerability requires local access, high privileges, and user interaction, limiting the attack scope to local environments rather than remote exploitation.

Fixing the vulnerability by sandboxing template rendering reduces the risk of unauthorized code execution and helps maintain compliance with security requirements mandated by these standards.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to arbitrary code execution on the local machine where the Home Assistant CLI is used.

If exploited, an attacker could run malicious Python code with the privileges of the user running the CLI, potentially compromising confidentiality and integrity of local data.

However, exploitation requires local access, high privileges, and user interaction, as the user must render a malicious template intentionally or unknowingly.

There is no impact on availability, and remote Home Assistant instances are not affected by this vulnerability.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by checking if the home-assistant-cli (hass-cli) version installed is prior to 1.0.0, as these versions use an unrestricted Jinja2 environment for rendering templates locally.

Additionally, detection involves identifying if any user-supplied Jinja2 templates are being rendered locally using the command: `hass-cli template <template-file> --local` without proper review.

To detect potential exploitation attempts, you can look for suspicious Jinja2 template expressions that access Python internals, such as:

• {% - set b = environ.__globals__['__builtins__'] - %}
• {% - set os = b['__import__']('os') - %}
• {% - set bio = b['__import__']('builtins') - %}

Commands to check the installed version of hass-cli include:

• `hass-cli --version`

To scan for usage of the vulnerable template rendering command, you can search shell history or logs for:

• `hass-cli template *.j2 --local`

Useful 0 Not Useful 0

Mitigation Strategies

The immediate mitigation step is to upgrade the home-assistant-cli (hass-cli) package to version 1.0.0 or later, where the vulnerability is fixed by using a sandboxed Jinja2 environment (`ImmutableSandboxedEnvironment`).

Until the upgrade can be performed, avoid rendering untrusted or third-party Jinja2 templates locally using the `hass-cli template <template-file> --local` command.

As a workaround, manually or with tools, evaluate and review Jinja2 templates before rendering them to ensure they do not contain malicious code.

Restrict usage of the CLI to trusted users with appropriate privileges to reduce the risk of exploitation.

Useful 0 Not Useful 0