CVE-2026-34205

Home Assistant: Unauthenticated App (Add-on) Endpoints Exposed to Local Network via Host Network Mode

Description

Home Assistant is open source home automation software that puts local control and privacy first. Home Assistant apps (formerly add-ons) configured with host network mode expose unauthenticated endpoints bound to the internal Docker bridge interface to the local network. On Linux, this configuration does not restrict access to the app as intended, allowing any device on the same network to reach these endpoints without authentication. Home Assistant Supervisor 2026.03.02 addresses the issue.

INFO

Published Date :

2026-03-27T19:41:10.707Z

Last Modified :

2026-03-27T19:41:10.707Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2026-34205 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-34205.

URL	Resource
https://github.com/home-assistant/core/security/advisories/GHSA-gh5m-4m97-c95h

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact