Esphome Vulnerabilities
Comprehensive security vulnerability database for Esphome products
1
0
1
0
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2024-27287 | 8.7 | This vulnerability allows an attacker who is already logged into the ESPHome dashboard to inject malicious scripts, potentially stealing session cookies and taking control of the dashboard to manipulate configuration files and firmware. To exploit this, the attacker needs to craft a specific request and trick another logged-in user into visiting a modified edit page. | esphomeesphome | Exploit Available | about 2 years agoMar 6, 2024 |
About Esphome Security
This page tracks all publicly disclosed security vulnerabilities (CVEs) affecting Esphome products. Our database is updated in real-time from the National Vulnerability Database (NVD) and enriched with exploit information from GitHub and other security research sources.
Each CVE listing includes CVSS severity scores, exploit availability status, AI-powered vulnerability summaries, and links to official patches and security advisories.