CVE-2026-27796

Medium CVSS: 5.3

Homarr is an open-source dashboard. Prior to version 1.54.0, the integration.all tRPC endpoint in Homarr is exposed as a publicProcedure, allowing unauthenticated users to retrieve a complete list of configured integrations. This metadata includes sensitive information such as internal service URLs, integration names, and service types. This issue has been patched in version 1.54.0.

Vendor

Homarr

Product

Homarr

CWE

CWE-200

Yayın Tarihi

2026-03-07 06:16:09

Güncelleme

2026-03-10 16:24:21

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-200 Homarr MEDIUM Homarr 2026

Referanslar

https://github.com/homarr-labs/homarr/commit/91fc5a5c747121475a50f2713d571ceb89e95257 https://github.com/homarr-labs/homarr/releases/tag/v1.54.0 https://github.com/homarr-labs/homarr/security/advisories/GHSA-m4vc-4prp-cvp7

Benzer Kayıtlar

Medium

CVE-2026-27797

Homarr is an open-source dashboard. Prior to version 1.54.0, an unauthenticated Server-Side Request Forgery (SSRF) vulne…

Medium

CVE-2026-25123

Homarr is an open-source dashboard. Prior to 1.52.0, a public (unauthenticated) tRPC endpoint widget.app.ping accepts an…

High

CVE-2025-67493

Homarr is an open-source dashboard. Prior to version 1.45.3, it was possible to craft an input which allowed privilege e…