CVE-2026-32111: ha-mcp OAuth 2.1 DCR mode enables network reconnaissance via an error oracle

March 12, 2026

The ha-mcp OAuth consent form (beta feature) accepts a user-supplied ha_url and makes a server-side HTTP request to {ha_url}/api/config with no URL validation. An unauthenticated attacker can submit arbitrary URLs to perform internal network reconnaissance via an error oracle. Two additional code paths in OAuth tool calls (REST and WebSocket) are affected by the same primitive.

The primary deployment method (private URL with pre-configured HOMEASSISTANT_TOKEN) is not affected.

References

github.com/advisories/GHSA-fmfg-9g7c-3vq7
github.com/homeassistant-ai/ha-mcp
github.com/homeassistant-ai/ha-mcp/security/advisories/GHSA-fmfg-9g7c-3vq7
nvd.nist.gov/vuln/detail/CVE-2026-32111

Code Behaviors & Features

Detect and mitigate CVE-2026-32111 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →