In brief: Home Assistant’s Companion Apps for Android and iOS allow attackers to compromise and take over Home Assistant instances.
The official Companion Apps for Home Assistant on Android and iOS contain a critical security vulnerability that enables attackers to gain complete control over Home Assistant instances. The vulnerability affects the mobile applications, not the central platform.
For organizations that use Home Assistant in enterprise environments or as core infrastructure, this poses a significant risk. Compromising a Home Assistant instance can provide access to connected devices, automations, and sensitive household data. This directly contradicts the requirements for system security and availability under the NIS2 Directive.
CISOs should inventory where Home Assistant and its Companion Apps are deployed in their infrastructure or in connected systems. Depending on severity and available patches, they should promptly initiate mitigation measures or migrate to updated versions.
Source: www.heise.de · Published June 1, 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrasing and classification through Lumi News Pipeline v1.2.8.