pkg:Go/github.com/getarcaneapp/arcane/backend

9 total CVEs: CRITICAL 3, HIGH 4, MEDIUM 1

All known vulnerabilities

  • CRITICAL 9.9 | CVE-2026-45625 | Arcane Backend: Missing admin authorization on git repository endpoints allows non-admin users to exfiltrate stored Git credentials and tamper with GitOps configs
    from 0, < 1.19.0
  • CRITICAL 9.0 | CVE-2026-23520 | Arcane Has a Command Injection in Arcane Updater Lifecycle Labels That Enables RCE in github.com/getarcaneapp/arcane/backend
    from 0, < 0.0.0-20260114065515-5a9c2f92e11f
  • CRITICAL 9.0 | CVE-2026-23520 | Arcane Has a Command Injection in Arcane Updater Lifecycle Labels That Enables RCE in github.com/getarcaneapp/arcane/backend
    from 0, < 0.0.0-20260114065515-5a9c2f92e11f
  • HIGH 8.8 | CVE-2026-47125 | Arcane: Missing admin authorization on global variables endpoint
    from 0, < 1.19.2
  • HIGH 8.2 | CVE-2026-45627 | Arcane Backend: Unauthenticated reflected XSS via SVG color parameter enables admin account takeover
    from 0, < 1.19.0
  • HIGH 7.7 | CVE-2026-47179 | Arcane Has an Authenticated Arbitrary Host File Read via Docker Compose Include Directives
    from 0, < 1.19.4
  • HIGH 7.2 | CVE-2026-40242 | Arcane has Unauthenticated SSRF with Conditional Response Reflection in Template Fetch Endpoint
    from 0, < 1.17.3
  • MEDIUM 6.3 | CVE-2026-45626 | Arcane Backend: OS Command Injection in Volume Browser ListDirectory via path query parameter
    from 0, <= 1.18.1
  • CVE-2026-42461 | Arcane Vulnerable to Unauthenticated Disclosure of Custom Compose Template Content (incl. `.env` secrets)
    from 0, < 1.18.0