{"id":"CVE-2026-32112","summary":"ha-mcp has XSS via Unescaped HTML in OAuth Consent Form","details":"ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form renders user-controlled parameters via Python f-strings with no HTML escaping. An attacker who can reach the OAuth endpoint and convince the server operator to follow a crafted authorization URL could execute JavaScript in the operator's browser. This affects only users running the beta OAuth mode (ha-mcp-oauth), which is not part of the standard setup and requires explicit configuration. This vulnerability is fixed in 7.0.0.","aliases":["GHSA-pf93-j98v-25pv"],"modified":"2026-04-02T13:24:24.166168Z","published":"2026-03-11T20:42:30.381Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/32xxx/CVE-2026-32112.json","cna_assigner":"GitHub_M","cwe_ids":["CWE-79"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/32xxx/CVE-2026-32112.json"},{"type":"ADVISORY","url":"https://github.com/homeassistant-ai/ha-mcp/security/advisories/GHSA-pf93-j98v-25pv"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32112"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/homeassistant-ai/ha-mcp","events":[{"introduced":"0"},{"fixed":"1f2bbbc74e81933a39e9c63998d1408f0c198309"}]}],"versions":["v1.0.0","v1.0.1","v1.0.2","v1.0.3","v2.0.0","v2.1.0","v2.2.0","v2.3.0","v2.3.1","v2.3.2","v2.4.0","v2.5.0","v2.5.1","v2.5.2","v2.5.3","v2.5.4","v2.5.5","v2.5.6","v2.5.7","v3.0.0","v3.0.1","v3.1.0","v3.1.1","v3.1.2","v3.1.3","v3.1.4","v3.1.5","v3.1.6","v3.2.0","v3.2.1","v3.2.2","v3.2.3","v3.3.0","v3.3.1","v3.3.2","v3.4.0","v3.4.1","v3.4.2","v3.4.3","v3.5.0","v3.5.1","v3.6.0","v3.6.1","v3.6.2","v3.7.0","v4.0.0","v4.0.1","v4.1.0","v4.10.0","v4.11.0","v4.11.1","v4.11.2","v4.11.3","v4.11.4","v4.11.5","v4.11.6","v4.11.7","v4.11.8","v4.11.9","v4.12.0","v4.13.0","v4.14.0","v4.14.1","v4.14.2","v4.15.0","v4.15.1","v4.16.0","v4.16.0.dev2","v4.16.1","v4.16.1.dev3","v4.16.2","v4.16.2.dev4","v4.17.0","v4.17.0.dev5","v4.17.1","v4.17.1.dev6","v4.18.0","v4.18.0.dev7","v4.18.1","v4.18.1.dev8","v4.18.1.dev9","v4.18.2","v4.18.2.dev10","v4.18.2.dev11","v4.18.2.dev12","v4.18.2.dev13","v4.18.2.dev15","v4.18.2.dev16","v4.18.2.dev17","v4.18.2.dev18","v4.18.2.dev19","v4.18.2.dev20","v4.19.0","v4.19.0.dev21","v4.19.0.dev22","v4.19.0.dev24","v4.19.0.dev25","v4.19.0.dev27","v4.19.0.dev28","v4.19.0.dev29","v4.19.0.dev30","v4.19.0.dev31","v4.19.0.dev32","v4.2.0","v4.20.0","v4.20.0.dev33","v4.20.0.dev34","v4.21.0","v4.21.0.dev35","v4.21.0.dev36","v4.21.0.dev37","v4.22.0","v4.22.0.dev38","v4.22.0.dev39","v4.22.0.dev40","v4.22.0.dev41","v4.22.0.dev42","v4.22.0.dev43","v4.22.0.dev44","v4.22.0.dev45","v4.22.1","v4.22.1.dev46","v4.22.1.dev47","v4.22.1.dev48","v4.22.1.dev50","v4.22.1.dev51","v4.22.1.dev52","v4.22.1.dev53","v4.3.0","v4.4.0","v4.5.0","v4.6.0","v4.7.0","v4.7.1","v4.7.2","v4.7.3","v4.7.4","v4.7.5","v4.7.6","v4.7.7","v4.8.0","v4.8.1","v4.8.2","v4.8.3","v4.8.4","v4.8.5","v4.9.0","v5.0.0.dev54","v5.0.0.dev55","v5.0.0.dev56","v5.0.0.dev57","v5.0.0.dev58","v5.0.0.dev59","v5.0.0.dev60","v5.0.0.dev61","v5.0.0.dev62","v5.0.0.dev63","v5.0.0.dev64","v5.0.1","v5.0.2","v5.0.3","v5.0.4","v5.0.5","v5.0.6","v5.1.0","v6.0.0","v6.1.0","v6.2.0","v6.3.0","v6.3.0.dev120","v6.3.0.dev121","v6.3.0.dev122","v6.3.0.dev123","v6.3.1","v6.3.1.dev125","v6.3.1.dev126","v6.3.1.dev127","v6.3.1.dev128","v6.3.1.dev129","v6.3.1.dev130","v6.3.1.dev131","v6.3.1.dev132","v6.3.1.dev133","v6.3.1.dev134","v6.3.1.dev135","v6.3.1.dev136","v6.3.1.dev137","v6.3.1.dev138","v6.3.1.dev139","v6.3.1.dev140","v6.3.1.dev141","v6.3.1.dev142","v6.3.1.dev143","v6.3.1.dev144","v6.3.1.dev145","v6.3.1.dev146","v6.3.1.dev147","v6.3.1.dev148","v6.3.1.dev149","v6.3.1.dev150","v6.3.1.dev151","v6.3.1.dev152","v6.3.1.dev153","v6.3.1.dev154","v6.3.1.dev155","v6.3.1.dev156","v6.3.1.dev157","v6.3.1.dev158","v6.3.1.dev159","v6.4.0","v6.4.0.dev161","v6.4.0.dev162","v6.4.0.dev163","v6.4.0.dev164","v6.4.0.dev165","v6.4.0.dev166","v6.4.0.dev167","v6.4.0.dev168","v6.4.0.dev169","v6.4.0.dev170","v6.5.0","v6.5.0.dev172","v6.5.0.dev173","v6.5.0.dev174","v6.5.0.dev175","v6.5.0.dev176","v6.5.0.dev177","v6.5.0.dev178","v6.5.0.dev179","v6.5.0.dev180","v6.5.0.dev181","v6.5.0.dev182","v6.5.0.dev183","v6.5.0.dev184","v6.5.0.dev185","v6.5.0.dev186","v6.5.0.dev187","v6.6.0","v6.6.0.dev189","v6.6.1","v6.6.1.dev191","v6.6.1.dev192","v6.6.1.dev193","v6.6.1.dev194","v6.6.1.dev195","v6.6.1.dev196","v6.6.1.dev197","v6.6.1.dev198","v6.6.1.dev199","v6.6.1.dev200","v6.6.1.dev201","v6.6.1.dev202","v6.6.1.dev203","v6.6.1.dev204","v6.6.1.dev205","v6.6.1.dev206","v6.6.1.dev207","v6.6.1.dev208","v6.6.1.dev209","v6.6.1.dev210","v6.6.1.dev211","v6.6.1.dev212","v6.6.1.dev213","v6.6.1.dev214","v6.6.1.dev215","v6.6.1.dev216","v6.7.0","v6.7.0.dev218","v6.7.0.dev219","v6.7.0.dev220","v6.7.0.dev221","v6.7.1","v6.7.1.dev223","v6.7.1.dev224","v6.7.1.dev225","v6.7.1.dev226","v6.7.1.dev227","v6.7.1.dev228","v6.7.1.dev229","v6.7.1.dev230","v6.7.1.dev231","v6.7.1.dev232","v6.7.1.dev233","v6.7.1.dev234","v6.7.2","v6.7.2.dev236","v6.7.2.dev237","v6.7.2.dev238","v6.7.2.dev239","v6.7.2.dev240","v6.7.2.dev241","v6.7.2.dev242","v6.7.2.dev243","v6.7.2.dev244","v6.7.2.dev245","v6.7.2.dev246","v6.7.2.dev247","v6.7.2.dev248","v6.7.2.dev249","v6.7.2.dev250","v6.7.2.dev251","v6.7.2.dev252","v6.7.2.dev253","v6.7.2.dev254","v6.7.2.dev255","v6.7.2.dev256","v6.7.2.dev257","v6.7.2.dev258","v6.7.2.dev259"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-32112.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"}]}