7.5

CVE-2026-27796

Exploit

EPSS 0.05%
Veröffentlicht 07.03.2026 05:54:48
Zuletzt bearbeitet 10.03.2026 16:24:21
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Homarr is an open-source dashboard. Prior to version 1.54.0, the integration.all tRPC endpoint in Homarr is exposed as a publicProcedure, allowing unauthenticated users to retrieve a complete list of configured integrations. This metadata includes sensitive information such as internal service URLs, integration names, and service types. This issue has been patched in version 1.54.0.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Homarr ≫ Homarr Version < 1.54.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.14

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
security-advisories@github.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://github.com/homarr-labs/homarr/security/advisories/GHSA-m4vc-4prp-cvp7

Vendor Advisory

Exploit

https://github.com/homarr-labs/homarr/commit/91fc5a5c747121475a50f2713d571ceb89e95257

Patch

https://github.com/homarr-labs/homarr/releases/tag/v1.54.0

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2026-27796

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-27796

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-27796

EUVD