{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-40602", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-14T14:07:59.641Z", "datePublished": "2026-04-21T17:40:10.251Z", "dateUpdated": "2026-04-21T19:02:03.968Z"}, "containers": {"cna": {"title": "hass-cli: Handling of user-supplied Jinja2 templates", "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "lang": "en", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-1336", "lang": "en", "description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/home-assistant-ecosystem/home-assistant-cli/security/advisories/GHSA-33qf-q99x-wpm8", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/home-assistant-ecosystem/home-assistant-cli/security/advisories/GHSA-33qf-q99x-wpm8"}, {"name": "https://github.com/home-assistant-ecosystem/home-assistant-cli/pull/453", "tags": ["x_refsource_MISC"], "url": "https://github.com/home-assistant-ecosystem/home-assistant-cli/pull/453"}], "affected": [{"vendor": "home-assistant-ecosystem", "product": "home-assistant-cli", "versions": [{"version": "< 1.0.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-21T17:40:10.251Z"}, "descriptions": [{"lang": "en", "value": "The Home Assistant Command-line interface (hass-cli) is a command-line tool for Home Assistant. Up to 1.0.0 of home-assitant-cli an unrestricted environment was used to handle Jninja2 templates instead of a sandboxed one. The user-supplied input within Jinja2 templates was rendered locally with no restrictions. This gave users access to Python's internals and extended the scope of templating beyond the intended usage. This vulnerability is fixed in 1.0.0."}], "source": {"advisory": "GHSA-33qf-q99x-wpm8", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-21T19:01:54.397388Z", "id": "CVE-2026-40602", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-21T19:02:03.968Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-40602", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-21T19:01:54.397388Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-21T19:01:58.525Z"}}], "cna": {"title": "hass-cli: Handling of user-supplied Jinja2 templates", "source": {"advisory": "GHSA-33qf-q99x-wpm8", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "home-assistant-ecosystem", "product": "home-assistant-cli", "versions": [{"status": "affected", "version": "< 1.0.0"}]}], "references": [{"url": "https://github.com/home-assistant-ecosystem/home-assistant-cli/security/advisories/GHSA-33qf-q99x-wpm8", "name": "https://github.com/home-assistant-ecosystem/home-assistant-cli/security/advisories/GHSA-33qf-q99x-wpm8", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/home-assistant-ecosystem/home-assistant-cli/pull/453", "name": "https://github.com/home-assistant-ecosystem/home-assistant-cli/pull/453", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "The Home Assistant Command-line interface (hass-cli) is a command-line tool for Home Assistant. Up to 1.0.0 of home-assitant-cli an unrestricted environment was used to handle Jninja2 templates instead of a sandboxed one. The user-supplied input within Jinja2 templates was rendered locally with no restrictions. This gave users access to Python's internals and extended the scope of templating beyond the intended usage. This vulnerability is fixed in 1.0.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1336", "description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-21T17:40:10.251Z"}}}, "cveMetadata": {"cveId": "CVE-2026-40602", "state": "PUBLISHED", "dateUpdated": "2026-04-21T19:02:03.968Z", "dateReserved": "2026-04-14T14:07:59.641Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-21T17:40:10.251Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Home Assistant Command-line interface (hass-cli) is a command-line tool for Home Assistant. Up to 1.0.0 of home-assitant-cli an unrestricted environment was used to handle Jninja2 templates instead of a sandboxed one. The user-supplied input within Jinja2 templates was rendered locally with no restrictions. This gave users access to Python's internals and extended the scope of templating beyond the intended usage. This vulnerability is fixed in 1.0.0."}], "id": "CVE-2026-40602", "lastModified": "2026-04-22T21:24:26.997", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.3, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-21T18:16:51.827", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/home-assistant-ecosystem/home-assistant-cli/pull/453"}, {"source": "security-advisories@github.com", "url": "https://github.com/home-assistant-ecosystem/home-assistant-cli/security/advisories/GHSA-33qf-q99x-wpm8"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}, {"lang": "en", "value": "CWE-1336"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.0.0)"}}], "enrichment": {"confidence": 81.0, "confidence_source": "matching", "scores": [{"score": 81.0, "source": "matching"}]}, "original": {"product": "home-assistant-cli", "source": "cna", "vendor": "home-assistant-ecosystem"}, "product": "home-assistant", "vendor": "home-assistant"}], "analysis": {"en": {"generated_at": "2026-04-22T05:38:48.189363+00:00", "value": {"mitigation_remediation": ["Upgrade hass\u2011cli to version 1.0.0 or newer, where the Jinja2 environment is sandboxed.", "Restrict template execution to pre\u2011approved scripts or environments, for example by disabling user\u2011supplied templates or enforcing a whitelist of allowed expressions.", "Apply role\u2011based access controls so that only trusted users can invoke hass\u2011cli with arbitrary Jinja2 templates, reducing the risk of local code execution attacks."], "summary": {"action": "Immediate Patch", "impact": "Local code execution via unrestricted Jinja2 templating"}, "threat_synthesis": {"affected_systems": "The bug affects the Home Assistant Ecosystem\u2019s home\u2011assistant\u2011cli product, specifically all releases up to and including 0.x versions; the vulnerability was fixed in version 1.0.0 and later.", "description_and_impact": "The Home Assistant Command\u2011line interface (hass\u2011cli) previously used an unrestricted Jinja2 environment to render user\u2011supplied templates, allowing full access to Python\u2019s internals. As a result, an attacker could construct a malicious template that executes arbitrary Python code locally. This vulnerability is a classic example of improper restriction of operations (CWE\u20111336) and improper code generation control (CWE\u201194), and it permits local code execution beyond the intended templating functionality.", "risk_and_exploitability": "The CVSS score of 5.6 indicates medium severity, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires local access to the hass\u2011cli utility or the ability to supply a template to the tool, meaning the threat is confined to users with sufficient privilege on the host machine. If those conditions are met, an attacker can run arbitrary code on the system, potentially leading to full compromise of the host."}}}}, "created": "2026-04-22T05:45:09.825479+00:00", "updated": "2026-04-22T11:45:59.264658+00:00", "vendors": ["home-assistant", "home-assistant$PRODUCT$home-assistant"]}