Go modules package
github.com/getarcaneapp/arcane/backend
pkg:golang/github.com/getarcaneapp/arcane/backend
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-42461 | Hig | 7.5 | < 1.18.0 | 1.18.0 | May 9, 2026 | Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.18.0, four GET endpoints under /api/templates* in Arcane's Huma backend are registered without any Security requirement, allowing any unauthenticated network client to list an | |
| CVE-2026-40242 | Hig | 7.2 | < 1.17.3 | 1.17.3 | Apr 10, 2026 | Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.17.3, the /api/templates/fetch endpoint accepts a caller-supplied url parameter and performs a server-side HTTP GET request to that URL without authentication and without URL scheme o | |
| CVE-2026-23520 | — | < 0.0.0-20260114065515-5a9c2f92e11f | 0.0.0-20260114065515-5a9c2f92e11f | Jan 15, 2026 | Arcane provides modern docker management. Prior to 1.13.0, Arcane has a command injection in the updater service. Arcane’s updater service supported lifecycle labels com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-update that allowed defini |
- affected < 1.18.0fixed 1.18.0
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.18.0, four GET endpoints under /api/templates* in Arcane's Huma backend are registered without any Security requirement, allowing any unauthenticated network client to list an
- affected < 1.17.3fixed 1.17.3
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.17.3, the /api/templates/fetch endpoint accepts a caller-supplied url parameter and performs a server-side HTTP GET request to that URL without authentication and without URL scheme o
- CVE-2026-23520Jan 15, 2026affected < 0.0.0-20260114065515-5a9c2f92e11ffixed 0.0.0-20260114065515-5a9c2f92e11f
Arcane provides modern docker management. Prior to 1.13.0, Arcane has a command injection in the updater service. Arcane’s updater service supported lifecycle labels com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-update that allowed defini