Home Assistant Community Store Path Traversal Vulnerability Allowing Account Takeover
Vulnerability
A path traversal vulnerability has been identified in the Home Assistant Community Store (HACS) version 1.10.0. This vulnerability allows unauthenticated attackers to read sensitive files by traversing directories through the /hacsfiles/ endpoint. Exploitation of this vulnerability enables attackers to access the .storage/auth file, which contains user credentials and refresh tokens. With this information, attackers can craft valid JWT tokens to gain administrative access to Home Assistant instances.
Impact
Exploitation of this vulnerability could lead to unauthorized administrative access on the affected Home Assistant instance.
Reproduction
The vulnerability can be reproduced by sending a request to the /hacsfiles/ endpoint with a crafted file path that traverses directories. This can be done using a simple Python script that exploits the path traversal to access the .storage/auth file.
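For defenders checking whether an instance was probed, the following added example (not part of the original advisory or of HACS) scans access-log entries for /hacsfiles/ requests whose decoded path contains dot-dot segments and reports whether they resolve to .storage. It assumes a common/combined-format access log from a reverse proxy in front of Home Assistant; the function names and the sample entries are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

PREFIX = "/hacsfiles/"
# Assumed log format: common/combined access log written by a reverse proxy.
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(path, max_rounds=5):
    """Percent-decode until stable so encoded dot segments are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def classify(raw_target):
    """Return None for a benign request target, else a short reason."""
    path = fully_decode(urlsplit(raw_target).path).replace("\\", "/")
    if not path.startswith(PREFIX) or ".." not in path.split("/"):
        return None
    resolved = posixpath.normpath(path)
    if (resolved + "/").startswith(PREFIX):
        return "dot-dot segment, stays under /hacsfiles/"
    if ".storage" in resolved.split("/"):
        return "traversal to .storage"
    return "traversal outside /hacsfiles/"

def scan(lines):
    """Return (line_number, http_status, reason) for each suspicious entry."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        reason = classify(match.group(1)) if match else None
        if reason:
            findings.append((number, int(match.group(2)), reason))
    return findings

# Constructed sample entries (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /hacsfiles/iconset.js HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /hacsfiles/../.storage/auth HTTP/1.1" 200 8841',
    '203.0.113.7 - - [01/Jan/2024:10:00:03 +0000] "GET /hacsfiles/%2e%2e/.storage/auth HTTP/1.1" 404 0',
    '198.51.100.9 - - [01/Jan/2024:10:05:00 +0000] "GET /hacsfiles/card/../card.js HTTP/1.1" 200 300',
    '198.51.100.9 - - [01/Jan/2024:10:06:00 +0000] "GET /api/config HTTP/1.1" 401 0',
]

if __name__ == "__main__":
    for number, status, reason in scan(SAMPLE_LOG):
        print(f"line {number}: HTTP {status}: {reason}")
```

A finding with HTTP status 200 and the reason "traversal to .storage" indicates the file was probably served, in which case the stored credentials and refresh tokens should be treated as exposed.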
