| CVE-2026-45625 |
critical |
9.9 |
9.9 |
|
|
|
11d ago |
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, Arcane's huma-based REST API exposes nine endpoints under /api/customize/git-repositories and /a… |
| CVE-2026-47125 |
high |
8.8 |
8.8 |
|
|
|
7d ago |
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.2, the PUT /api/environments/{id}/templates/variables endpoint, which writes the system-wide .env.g… |
| CVE-2026-45627 |
high |
8.2 |
8.2 |
|
|
|
11d ago |
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, the unauthenticated GET /api/app-images/logo endpoint reflects a user-supplied color query param… |
| CVE-2026-47179 |
high |
7.7 |
7.7 |
|
|
|
1d ago |
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.4, ProjectService.GetProjectFileContent returns the contents of any Docker Compose include directiv… |
| CVE-2026-42461 |
high |
7.5 |
7.5 |
|
|
|
21d ago |
Arcane Vulnerable to Unauthenticated Disclosure of Custom Compose Template Content (incl. `.env` secrets) |
| CVE-2026-45626 |
medium |
6.3 |
6.3 |
|
|
|
11d ago |
Arcane is an interface for managing Docker containers, images, networks, and volumes. In 1.18.1 and earlier, GET /environments/{id}/volumes/{volumeName}/browse accepts a path query parameter that is … |
| CVE-2026-40242 |
unknown |
— |
— |
|
|
|
2mo ago |
Arcane has Unauthenticated SSRF with Conditional Response Reflection in Template Fetch Endpoint |
| CVE-2026-23520 |
unknown |
— |
— |
|
|
|
4mo ago |
Arcane Has a Command Injection in Arcane Updater Lifecycle Labels That Enables RCE in github.com/getarcaneapp/arcane/backend |