CVE-2026-32112: ha-mcp has XSS via Unescaped HTML in OAuth Consent Form
The ha-mcp OAuth consent form renders user-controlled parameters via Python f-strings with no HTML escaping. An attacker who can reach the OAuth endpoint and convince the server operator to follow a crafted authorization URL could execute JavaScript in the operator’s browser. This affects only users running the beta OAuth mode (ha-mcp-oauth), which is not part of the standard setup and requires explicit configuration.
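To make the bug class concrete, here is an added illustration (not ha-mcp's code; the function names, parameter set and form layout are assumptions) of a consent form rendered with an f-string and no escaping, next to the same form with every untrusted value passed through `html.escape`:

```python
# Added illustration of the CVE-2026-32112 bug class: an OAuth consent form built
# with an f-string and no HTML escaping, beside a version that escapes every
# untrusted value. Function names, parameters and markup are assumptions, not
# taken from ha-mcp.
import html
from urllib.parse import parse_qs


def render_consent_unsafe(client_id: str, redirect_uri: str, state: str) -> str:
    """Vulnerable pattern: query parameters are interpolated verbatim into HTML."""
    return f"""<form method="post" action="/oauth/authorize">
  <p>Application <b>{client_id}</b> requests access.</p>
  <input type="hidden" name="redirect_uri" value="{redirect_uri}">
  <input type="hidden" name="state" value="{state}">
  <button type="submit">Approve</button>
</form>"""


def render_consent_safe(client_id: str, redirect_uri: str, state: str) -> str:
    """Hardened pattern: html.escape(quote=True) neutralises <, >, &, ' and \"."""

    def esc(value: str) -> str:
        return html.escape(value, quote=True)

    return f"""<form method="post" action="/oauth/authorize">
  <p>Application <b>{esc(client_id)}</b> requests access.</p>
  <input type="hidden" name="redirect_uri" value="{esc(redirect_uri)}">
  <input type="hidden" name="state" value="{esc(state)}">
  <button type="submit">Approve</button>
</form>"""


def params_from_query(query: str) -> dict:
    """Extract the three consent-form parameters from a raw query string."""
    parsed = parse_qs(query, keep_blank_values=True)
    return {k: parsed.get(k, [""])[0] for k in ("client_id", "redirect_uri", "state")}


def echoes_verbatim(page: str, value: str) -> bool:
    """Check helper: does an untrusted value reach the page without escaping?"""
    return value in page


# Constructed sample query: the state parameter carries harmless markup so the
# difference between the two renderers is visible in the output.
SAMPLE_QUERY = ("client_id=demo-app&redirect_uri=https%3A%2F%2Fexample.invalid%2Fcb"
                "&state=%3Cb%3Ehi%3C%2Fb%3E")

if __name__ == "__main__":
    p = params_from_query(SAMPLE_QUERY)
    print(render_consent_unsafe(**p))
    print(render_consent_safe(**p))
```

In a real service a template engine with autoescaping enabled is the more robust fix, because it escapes by default instead of relying on every call site to remember to.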