CVE-2026-55844
Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2025.5.0, The iOS companion app i
CVSS
7.5
High
EPSS
0.2%
p6
KEV
—
Exploit Today
2
0-100
Published: Jun 29, 2026 · Last modified: Jun 30, 2026 · CWE-319
0.2%EPSS · 30 days0.2%
2026-06-302026-07-17
Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2025.5.0, The iOS companion app ignores the SSID allowlist for internal networks. The app uses SSID to detect when to use the internal URL, but whenever the app cannot find any other URL to be used, it fallbacks to the internal URL as well, which can expose user's token when connected to a not secure network. This vulnerability is fixed in 2025.5.0.
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2023-318237.5 HIG47.0%
——14An issue found in Marui Co Marui Official app v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp Marui Official Store function.9dCVE-2024-487887.5 HIG43.2%
——13An issue in YESCAM (com.yescom.YesCam.zwave) 1.0.2 allows a remote attacker to obtain sensitive information via the firmware update process.13dCVE-2024-388917.5 HIG35.4%
——11An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Sniffing Network Traffic attack due to the cleartext transmission of sensitive information.12dCVE-2023-390867.5 HIG23.4%
——7ASUS RT-AC66U B1 3.0.0.4.286_51665 was discovered to transmit sensitive information in cleartext.9dCVE-2025-564479.8 CRI19.3%
——6TM2 Monitoring v3.04 contains an authentication bypass and plaintext credential disclosure.12dCVE-2025-671597.5 HIG17.4%
——5Vatilon v1.12.37-20240124 was discovered to transmit user credentials in plaintext.13d