Skip to main content

Esphome

3 CVEs product

Monthly

CVE-2026-23833 PyPI HIGH PATCH This Week

ESPHome versions 2025.9.0 through 2025.12.6 are vulnerable to a denial-of-service attack via integer overflow in the API protobuf decoder, affecting all supported microcontroller platforms (ESP32, ESP8266, RP2040, LibreTiny). Unauthenticated attackers can crash ESPHome devices by sending specially crafted packets with large field length values to bypass bounds checking when API encryption is disabled. Upgrade to version 2025.12.7 or later to remediate.

Integer Overflow Denial Of Service Esphome Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-27287 PyPI HIGH PATCH This Week

ESPHome is a system to control your ESP8266/ESP32 for Home Automation systems. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Esphome
NVD GitHub
CVSS 3.1
8.7
EPSS
0.7%
CVE-2024-27081 PyPI HIGH POC PATCH This Week

ESPHome is a system to control your ESP8266/ESP32. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Path Traversal Esphome
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

ESPHome versions 2025.9.0 through 2025.12.6 are vulnerable to a denial-of-service attack via integer overflow in the API protobuf decoder, affecting all supported microcontroller platforms (ESP32, ESP8266, RP2040, LibreTiny). Unauthenticated attackers can crash ESPHome devices by sending specially crafted packets with large field length values to bypass bounds checking when API encryption is disabled. Upgrade to version 2025.12.7 or later to remediate.

Integer Overflow Denial Of Service Esphome +1
NVD GitHub
EPSS 1% CVSS 8.7
HIGH PATCH This Week

ESPHome is a system to control your ESP8266/ESP32 for Home Automation systems. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Esphome
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

ESPHome is a system to control your ESP8266/ESP32. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Path Traversal Esphome
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy