Is Google affected by EUVD-2026-16775?

Home Assistant versions 2025.02 through 2026.00 contain a stored cross-site scripting vulnerability in the mobile sensor component that allows authenticated users with administrative privileges to inject malicious scripts through crafted sensor names, potentially compromising dashboard integrity…

EUVD-2026-16775

| CVE-2026-33045 HIGH

2026-03-27 [email protected]

GHSA-46j8-vpx8-6p72

7.3

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Scope

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 27, 2026 - 20:22 vuln.today

EUVD ID Assigned

Mar 27, 2026 - 20:22 euvd

EUVD-2026-16775

CVE Published

Mar 27, 2026 - 20:16 nvd

HIGH 7.3

Description

Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 2025.02 and prior to version 2026.01 the "remaining charge time"-sensor for mobile phones (imported/included from Android Auto it appears) is vulnerable cross-site scripting, similar to CVE-2025-62172. Version 2026.01 fixes the issue.

Analysis

Cross-site scripting in Home Assistant's mobile phone remaining charge time sensor allows authenticated attackers to inject malicious scripts via crafted sensor names imported from Android Auto. Affecting Home Assistant versions 2025.02 through 2026.00, this vulnerability requires low attack complexity and privileged access but relies on user interaction to execute stored XSS payloads. …

Remediation

Within 24 hours: inventory all Home Assistant instances and document current versions in use. Within 7 days: upgrade affected instances (2025.02 through 2026.00) to Home Assistant version 2026.01 or later; restrict administrative access to trusted users only during transition. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +36

POC: 0

EUVD-2026-16775 vulnerability details – vuln.today

Back

EUVD-2026-16775

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

EUVD-2026-16775

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code