By weakness (CWE)

CWE-749: related vulnerabilities

CVEs classified under CWE-749. Understanding the weakness class helps prioritize systemic fixes over one-off patches.

2 published vulnerabilities

  • CVE-2026-44698HIGH 8.3

    Home Assistant Companion apps for iOS and Android contain a vulnerability that allows malicious websites viewed in the app to steal a user's access token and run code as if they were logged into Home Assistant. The flaw stems from improper protection of a JavaScript bridge that connects web content to native app functionality. An attacker can craft a webpage with hidden content that tricks the bridge into executing arbitrary commands with the victim's credentials, effectively compromising their Home Assistant account.

  • CVE-2026-44798HIGH 7.1

    A vulnerability in Nautobot allows authenticated users with GitRepository management permissions to manipulate an internal field (current_head) via the REST API that should not be user-editable. By setting this field to arbitrary values, an attacker could cause Nautobot's local repository clones to checkout outdated commits or become unusable entirely, creating operational disruption and potentially stale or corrupted network automation state. The issue affects versions prior to 2.4.33 and 3.1.2.