Docker CVE-2026-34205

EUVD-2026-16793 CRITICAL
Improper Restriction of Communication Channel to Intended Endpoints (CWE-923)
2026-03-27 security-advisories@github.com
CVSS 3.1: 9.6

CVSS Vector (NVD)

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector: Adjacent
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

7 events

Analysis Updated: Apr 16, 2026 - 05:48 (EUVD-patch-fix), executive_summary
Re-analysis Queued: Apr 16, 2026 - 05:29 (backfill_euvd_patch), patch_released
Patch available: Apr 16, 2026 - 05:29 (EUVD), 2026.03.2
PoC Detected: Mar 30, 2026 - 13:26 (vuln.today), Public exploit code
EUVD ID Assigned: Mar 27, 2026 - 20:22 (euvd), EUVD-2026-16793
Analysis Generated: Mar 27, 2026 - 20:22 (vuln.today)
CVE Published: Mar 27, 2026 - 20:16 (nvd), CRITICAL 9.6

Description (NVD)

Home Assistant is open source home automation software that puts local control and privacy first. Home Assistant apps (formerly add-ons) configured with host network mode expose unauthenticated endpoints bound to the internal Docker bridge interface to the local network. On Linux, this configuration does not restrict access to the app as intended, allowing any device on the same network to reach these endpoints without authentication. Home Assistant Supervisor 2026.03.02 addresses the issue.

Analysis (AI)

Unauthenticated network access to Home Assistant apps bypasses intended Docker isolation on Linux systems, exposing internal services to any device on the local network. Apps configured with host network mode inadvertently bind internal Docker bridge endpoints to the broader LAN without authentication controls, enabling unauthorized access with high confidentiality, integrity, and availability impact (CVSS 9.6). …

Remediation (AI)

Within 24 hours: Identify all Home Assistant Supervisor instances running versions prior to 2026.03.02 using network asset inventory or configuration management tools. Within 7 days: Update all affected Supervisor instances to version 2026.03.02 or later via official vendor channels; verify Docker host network mode configurations post-patch and disable where not operationally required. …
