Vulnerabilities in esphome
6 resultsCVE-2024-27081HIGHESPHome remote code execution via arbitrary file writeEPSS 1.5%CVE-2025-57808HIGHESP-IDF web_server basic auth bypass using empty or incomplete Authorization headerEPSS 1.5%CVE-2021-41104HIGHweb_server allows OTA update without checking user defined basic auth username & passwordEPSS 1.2%CVE-2024-27287MEDIUMESPHome vulnerable to stored Cross-site Scripting in edit configuration file APIEPSS 0.7%CVE-2026-23833LOWESPHome vulnerable to denial-of-service via out-of-bounds check bypass in the API componentEPSS 0.3%CVE-2024-29019HIGHESPHome vulnerable to Authentication bypass via Cross site request forgeryEPSS 0.3%