Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Home Assistant Community Store (HACS)

Source -

CNA

CNA CVEs -

1

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
1Vulnerabilities found
CVE-2021-47942
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-Not Assigned
Published-16 May, 2026 | 15:28
Updated-16 May, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Home Assistant Community Store 1.10.0 Path Traversal Account Takeover

Home Assistant Community Store (HACS) 1.10.0 contains a path traversal vulnerability that allows unauthenticated attackers to read sensitive files by traversing directories via the /hacsfiles/ endpoint. Attackers can retrieve the .storage/auth file containing user credentials and refresh tokens, then craft valid JWT tokens to gain administrative access to Home Assistant instances.

Action-Not Available
Vendor-Home-Assistant
Product-Home Assistant Community Store (HACS)
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')