Unrated severityNVD Advisory· Published Mar 7, 2026· Updated Mar 9, 2026

Homarr: Unauthenticated Information Disclosure (Integration Metadata Leak)

CVE-2026-27796

Description

Homarr is an open-source dashboard. Prior to version 1.54.0, the integration.all tRPC endpoint in Homarr is exposed as a publicProcedure, allowing unauthenticated users to retrieve a complete list of configured integrations. This metadata includes sensitive information such as internal service URLs, integration names, and service types. This issue has been patched in version 1.54.0.

Affected products

Homarr Labs/Homarrv5
Range: < 1.54.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/homarr-labs/homarr/commit/91fc5a5c747121475a50f2713d571ceb89e95257mitrex_refsource_MISC
github.com/homarr-labs/homarr/releases/tag/v1.54.0mitrex_refsource_MISC
github.com/homarr-labs/homarr/security/advisories/GHSA-m4vc-4prp-cvp7mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000