
Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.4.1 for iOS and 2026.4.4 for Android, the Home As…

Published:

28 May 2026 at 22:00:00

Alert date:

29 May 2026 at 17:11:07

Source:

nvd.nist.gov


Mobile & IoT, Web Technologies

The Home Assistant Companion apps for Android and iOS contain a JavaScript bridge vulnerability that can be exploited from a cross-origin iframe. It enables arbitrary JavaScript execution in the main-frame origin and exfiltration of the access token. Two flaws are involved: the bridge is exposed to all frames, including cross-origin iframes, and JavaScript callback identifiers are interpolated without sanitization. The issue affects versions prior to 2026.4.1 for iOS and 2026.4.4 for Android; it is patched in those versions.
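The two flaws described above, modelled as an added example (not code from the Companion apps or from the advisory): a bridge handler that accepts messages only from the main frame of a trusted origin and validates the callback identifier before building the script it evaluates. The function names, the `bridgeCallbacks` table, the message fields and the origin are assumptions made for illustration.

```javascript
// Added example: JavaScript model of a native WebView bridge handler.
// All names and values are hypothetical, not taken from the Companion apps.
const TRUSTED_ORIGIN = "https://ha.example.internal"; // constructed

// Flaw class: the page-supplied callback identifier is spliced into a script
// string that the app then evaluates in the main frame.
function buildCallbackUnsafe(callbackId, result) {
  return `window.${callbackId}(${JSON.stringify(result)});`;
}

// Hardened: identifiers are plain names only (no dots, quotes, parens).
const CALLBACK_ID = /^[A-Za-z_][A-Za-z0-9_]{0,63}$/;

function buildCallbackSafe(callbackId, result) {
  if (typeof callbackId !== "string" || !CALLBACK_ID.test(callbackId)) {
    throw new Error("rejected callback identifier");
  }
  // The id is emitted as a JSON string literal used for a lookup in a
  // dedicated (hypothetical) callback table, never as code.
  const id = JSON.stringify(callbackId);
  return `window.bridgeCallbacks[${id}](${JSON.stringify(result)});`;
}

// Gate: only the main frame of the trusted origin may use the bridge.
function handleBridgeMessage(msg) {
  if (msg.isMainFrame !== true || msg.frameOrigin !== TRUSTED_ORIGIN) {
    return { accepted: false, reason: "untrusted frame" };
  }
  try {
    const script = buildCallbackSafe(msg.callbackId, msg.result ?? null);
    return { accepted: true, script };
  } catch (err) {
    return { accepted: false, reason: err.message };
  }
}

// Constructed sample messages: a cross-origin iframe, then the main frame.
const samples = [
  { isMainFrame: false, frameOrigin: "https://embedded.example", callbackId: "onAuth", result: {} },
  { isMainFrame: true, frameOrigin: TRUSTED_ORIGIN, callbackId: "onAuth", result: { ok: true } },
];
for (const m of samples) console.log(handleBridgeMessage(m));
```

Both checks are needed: the frame gate addresses the exposure to cross-origin iframes, and the identifier check addresses the unsanitized interpolation.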

Technical details

Mitigation steps:

Affected products:

Home Assistant Companion

Related links:

Related CVEs:

Related threat actors:

IOCs:

This article was created with the assistance of AI technology by Perceptive.
