Is CVE-2026-34205 actively exploited?

CVE-2026-34205 has no public evidence of in-the-wild exploitation as of 2026-03-30.

What is the CVSS score for CVE-2026-34205?

CVE-2026-34205 has a CVSS score of 9.6 (CRITICAL severity). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.

How do I patch CVE-2026-34205?

Vendor patch guidance is linked from the references on this page. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2026-34205.

Which products are affected by CVE-2026-34205?

Affected products for CVE-2026-34205 are listed on this page once vendor data becomes available.

Fix CVE-2026-34205 - CRITICAL Vulnerability

Description

Home Assistant is open source home automation software that puts local control and privacy first. Home Assistant apps (formerly add-ons) configured with host network mode expose unauthenticated endpoints bound to the internal Docker bridge interface to the local network. On Linux, this configuration does not restrict access to the app as intended, allowing any device on the same network to reach these endpoints without authentication. Home Assistant Supervisor 2026.03.02 addresses the issue.

CVSS Metrics

Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector: adjacent network
Complexity: low
Privileges: none
User Action: none
Scope: changed
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-923

Metadata

Primary Vendor: UNKNOWN
Published: 3/27/2026
Last Modified: 3/30/2026
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

No affected products information available.

Remediation Guidance

Executive Summary

Cite this page

CVE-2026-34205. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2026-34205

View on NIST NVD

CVE-2026-34205 vulnerability