GHSA-33qf-q99x-wpm8

Source

https://github.com/advisories/GHSA-33qf-q99x-wpm8

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-33qf-q99x-wpm8/GHSA-33qf-q99x-wpm8.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-33qf-q99x-wpm8

Aliases

CVE-2026-40602

Published

2026-04-16T21:28:39Z

Modified

2026-05-05T15:59:50.490146Z

Severity

5.6 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N CVSS Calculator

Summary

Home Assistant Command-line Interface: Handling of user-supplied Jinja2 templates

Details

Impact

Up to 1.0.0 of home-assitant-cli (or hass-cli for short) an unrestricted environment was used to handle Jninja2 templates instead of a sandboxed one. The user-supplied input within Jinja2 templates was rendered locally with no restrictions. This gave users access to Python's internals and extended the scope of templating beyond the intended usage.

E. g., it was possible to render a template with hass-cli template bad-template.j2 --local that contained entries like

{%- set b   = environ.__globals__['__builtins__'] -%}
{%- set os  = b['__import__']('os') -%}
{%- set bio = b['__import__']('builtins') -%}
...

or other malicious Jinja2 expressions. This can lead to arbitrary code execution on the local machine.

In a two step process an adversary could trick/convince an user to download third-party templates which contain harmful code (e. g., perform data manipulation or establish a remote shell) then to render those templates unchecked/reviewed/verified with --local.

The issue only affect the local machine and not a remote Home Assistant instance. It also requires user interventions.

Patches

1.0.0 uses ImmutableSandboxedEnvironment and restricts the usage of environment variables.

Workarounds

Evaluate the Jninja2 templates manually or tool-based before rendering with hass-cli.

Database specific

{
    "nvd_published_at": "2026-04-21T18:16:51Z",
    "severity": "MODERATE",
    "cwe_ids": [
        "CWE-1336",
        "CWE-94"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-16T21:28:39Z"
}

References

Affected packages

PyPI / homeassistant-cli

Package

Name: homeassistant-cli; View open source insights on deps.dev
Purl: pkg:pypi/homeassistant-cli

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.0

Affected versions

0.*

0.0.1

0.0.2

0.1.0

0.2.0

0.3.0

0.3.1

0.4.0

0.4.2

0.4.3

0.4.4

0.5.0

0.6.0

0.7.0

0.8.0.dev20190526135708

0.8.0.dev20190605085655

0.8.0.dev20190606203343

0.8.0.dev20190620181132

0.8.0.dev20190830233747

0.8.0.dev20190831013412

0.8.0.dev20190904132147

0.8.0.dev20190904150333

0.8.0.dev20190904150359

0.8.0.dev20190904150421

0.8.0.dev20190904150522

0.8.0.dev20190904150533

0.8.0.dev20190904150553

0.8.0.dev20190904150620

0.8.0.dev20190905133825

0.8.0.dev20190905140301

0.8.0.dev20191020214221

0.8.0.dev20191020224629

0.8.0.dev20191031201051

0.8.0

0.9.0.dev20191117224053

0.9.0.dev20191117231524

0.9.0

0.9.1

0.9.2

0.9.3

0.9.4

0.9.6

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-33qf-q99x-wpm8/GHSA-33qf-q99x-wpm8.json"