Threats Tagged 'cve-2026-32112'
View all threats tagged with 'cve-2026-32112'. Filter and sort to focus on specific types of threats.
CVE-2026-32112: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in homeassistant-ai ha-mcp

CVE-2026-32112 is a cross-site scripting (XSS) vulnerability in the ha-mcp OAuth consent form of the Home Assistant MCP Server prior to version 7.0.0. The vulnerability arises because user-controlled parameters are rendered using Python f-strings without proper HTML escaping, allowing injection of malicious JavaScript. Exploitation requires an attacker to reach the OAuth endpoint and trick the server operator into visiting a crafted authorization URL. This issue affects only users who have explicitly enabled the beta OAuth mode (ha-mcp-oauth), which is not part of the default setup. The vulnerability has a CVSS score of 6.8, indicating medium severity, with high impact on confidentiality and integrity but no impact on availability. No known exploits are currently in the wild. The vulnerability is fixed in version 7.

CVE Database V5 | 03/11/2026, 20:42:30 UTC | Added: 03/11/2026, 20:59:51 UTC