CVE-2026-55844

Home Assistant iOS App SSID Allowlist Bypass

Vulnerability report for CVE-2026-55844, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-29

Last updated on: 2026-06-29

Assigner: GitHub, Inc.

Description

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2025.5.0, the iOS companion app ignores the SSID allowlist for internal networks. The app uses the SSID to decide when to use the internal URL, but whenever it cannot find any other URL to use, it falls back to the internal URL as well, which can expose the user's token when connected to an insecure network. This vulnerability is fixed in 2025.5.0.
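The URL-selection flaw in the description, as an added illustration that is not the companion app's own code: the connection-profile shape, function names and sample values are all hypothetical, and the hardened variant shows one way to honour the allowlist rather than the project's actual fix.

```python
# Added illustration of the URL-selection flaw described in CVE-2026-55844.
# Not Home Assistant code: ConnectionProfile, both select_url_* functions and
# SAMPLE are constructed here for demonstration only.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class ConnectionProfile:
    internal_url: str                          # LAN address, often plain HTTP
    internal_ssids: list[str] = field(default_factory=list)  # SSID allowlist
    remote_url: Optional[str] = None           # external HTTPS address, may be unset


def select_url_vulnerable(profile: ConnectionProfile, current_ssid: Optional[str]) -> str:
    """Pre-2025.5.0 behaviour as the advisory describes it: the allowlist is
    consulted, but when no other URL exists the internal URL is used anyway."""
    if current_ssid in profile.internal_ssids:
        return profile.internal_url
    if profile.remote_url:
        return profile.remote_url
    # Fallback that ignores the allowlist: the token would be sent to the
    # internal URL over whatever network the device happens to be on.
    return profile.internal_url


def select_url_fixed(profile: ConnectionProfile, current_ssid: Optional[str]) -> Optional[str]:
    """Hardened selection (hypothetical): the internal URL is returned only when
    the current SSID is allowlisted; otherwise use the remote URL or refuse."""
    if current_ssid in profile.internal_ssids:
        return profile.internal_url
    if profile.remote_url:
        return profile.remote_url
    return None  # no safe destination: the caller must not send the token


# Constructed sample profile: cleartext LAN URL, no remote URL configured,
# which is exactly the situation in which the vulnerable fallback triggers.
SAMPLE = ConnectionProfile(
    internal_url="http://homeassistant.local:8123",
    internal_ssids=["HomeWiFi"],
    remote_url=None,
)
```

On an unknown SSID the vulnerable selector still returns the cleartext internal URL, while the hardened one returns None so the caller can refuse to authenticate.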

Meta Information

Published: 2026-06-29
Last Modified: 2026-06-29
Generated: 2026-06-29
AI Q&A: 2026-06-29
EPSS Evaluated: N/A
External references: NVD, EUVD

Affected Vendors & Products

Showing 3 associated CPEs

Vendor          Product             Version / Range
home_assistant  ios_companion_app   up to 2025.5.0 (inclusive)
home_assistant  ios_companion_app   up to 2025.5.0 (exclusive)
home_assistant  ios_companion_app   2025.5.0

Exploitability

CWE ID   Description
CWE-319  The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Executive Summary

The vulnerability in the Home Assistant iOS Companion App (prior to version 2025.5.0) involves the app ignoring the SSID allowlist for internal networks. This means the app uses the SSID to decide when to use an internal URL, but if it cannot find any other URL, it falls back to using the internal URL even on unsecured or untrusted networks.

As a result, the app may send the user's access token and sensor data over an unsecured network, potentially exposing sensitive information to third parties.

Impact Analysis

This vulnerability can lead to unauthorized exposure of your sensitive data, including your access token and sensor information, because the app may transmit this data over unsecured networks in cleartext.

An attacker on the same unsecured network could intercept this data, potentially gaining unauthorized access to your Home Assistant environment or personal information.

Detection Guidance

This vulnerability can be detected by monitoring network traffic for unauthorized transmission of the user's access token and sensor data over unsecured networks. Since the app may send sensitive information in cleartext when connected to untrusted networks, inspecting network packets for such data can help identify exploitation.

Commands to detect this might include using network packet capture tools such as tcpdump or Wireshark to filter and analyze traffic from the iOS Companion App.

  • Use tcpdump to capture traffic on your network interface: tcpdump -i <interface> -w capture.pcap
  • Analyze the capture file with Wireshark to look for unencrypted tokens or sensor data being sent to unknown or unsecured URLs.
  • Use filters in Wireshark such as 'http' or 'tcp.port == 80' to focus on unencrypted HTTP traffic.

Mitigation Strategies

The immediate mitigation step is to update the iOS Companion App to version 2025.5.0 or later, where the vulnerability is fixed by enforcing SSID checks and preventing connections outside the allowed network.

Additionally, avoid connecting the device running the app to unsecured or untrusted Wi-Fi networks to reduce the risk of token exposure.

Review and configure the SSID allowlist properly within the app settings to ensure it only connects to trusted internal networks.

Compliance Impact

This vulnerability can negatively impact compliance with common standards and regulations such as GDPR and HIPAA because it allows the user's access token and sensor data to be exposed over unsecured networks in cleartext. Such exposure of sensitive information can lead to unauthorized access to confidential data, which violates data protection and privacy requirements mandated by these regulations.

By transmitting sensitive data without proper network restrictions, the vulnerability increases the risk of data breaches and unauthorized data disclosure, which are critical concerns under GDPR and HIPAA compliance frameworks.
